Skip to content

Commit 3afdc99

Browse files
authored
Create Flask_Unsecure_session.md
1 parent 14ad921 commit 3afdc99

1 file changed

Lines changed: 31 additions & 0 deletions

File tree

Lines changed: 31 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,31 @@
1+
# Flask - Unsecure session
2+
3+
<img alt="chall" src="https://github.com/user-attachments/assets/6175ad33-09e5-4cc5-afa7-8851d44b5bcd" />
4+
5+
<br>
6+
7+
A classic challlenge rounded with the cookie. While checking for souce code, I could't find any interesting or any hints. So, I firedup my burp and started looking for the request and response.
8+
While checking the cookie section. I found something like this.
9+
10+
<br>
11+
12+
<img alt="burp" src="https://github.com/user-attachments/assets/0b3032d5-4d36-4f9f-9bf0-fb5195a9d819" />
13+
14+
John was not working as expected while I try to crack the hash,
15+
After researching sometime, I got to know the website https://tldr.inbrowser.app/pages/common/flask-unsign
16+
17+
```bash
18+
~> flask-unsign -d -c "eyJhZG1pbiI6ImZhbHNlIiwidXNlcm5hbWUiOiJndWVzdCJ9.aYgyGQ.ZiLTB3KZn02y_LsCp0MIDMPlqBY"
19+
{'admin': 'false', 'username': 'guest'}
20+
```
21+
22+
As I don't know the secret, I couldn't modify the cookie, So I cracked it using the `flask-unsign` tool & made a new key with `'{"admin":"true","username":"admin"}'`.
23+
24+
<img alt="key cracks" src="https://github.com/user-attachments/assets/6164eb04-119f-4ab1-ae06-949538580ba1" />
25+
26+
This gave me the Flag.
27+
28+
<img alt="flag" src="https://github.com/user-attachments/assets/d25991ee-0e40-4cab-b2b2-b874b2ba02c8" />
29+
30+
31+
<hr>

0 commit comments

Comments
 (0)