This time we got the same login page that we got in the last level and its clearly mentioned that the source code is almost same, but the session id's will be random.
Let's first get the session id by trying to login with some random credentials.
Decoding the Cookie
The session id we got was some random encoded string. I tried to decode the session id's by some basic encoding schemes in cyber chef and was able to decode the string using From Hex scheme.
The string that we got after decoding is <id>-admin.
Brute-forcing Session ID
Since we know all the possible id's, we can generate a word list of all possible <id>-admin sessions ids with Hex encoding. The wordlist can be generated using the following python script.
#! /usr/bin/pythonwordlist =open("hex_640.txt", "w")cookies = [f"{i}-admin".encode("utf-8").hex()+"\n"for i inrange(0, 641)]wordlist.writelines(cookies)wordlist.close()
Now we have successfully generated the word list by executing the above python script.
Now its time to use ffuf to brute-force the session id's.