Forum Discussion

Icon for Silver I rank

Silver I

2 months ago

Serial Maze Support Group

Have you been burned by the serial maze? Welcome! This is a safe space to air out all your serial maze comments, challenges, and anything else. 🙃

Icon for Bronze II rank

Bronze II

2 months ago

itsdangerous
token > secret_key > 🥒 > answer

Icon for Bronze III rank

Bronze III

2 months ago

Do you need to find the secret_key before sending the pickle payload? or use a pickled payload to find it?

domel44
Bronze II
2 months ago
Yes - first finding secret_key

then 🥒
- sabil10
  Bronze II
  24 days ago
  domel44 ..I got rough idea to solve the lab.. we need to use itsdangerous signed payload and bruteforce the secret_key with rockyou wordlist.. appreciate any hint on finding token..?
  - autom8on
    Silver I
    24 days ago
    From my very rough notes (thanks Vlad! ;p): "You need to pickle the co-ordinates, then sign them using itsdangerous" (looking at previous labs in the series may help work out how the co-ordinates are normally passed).
    I had no need for rockyou after picking up the not-so-subtle hint in the following screenshot... ;p
- Nneka_AN
  Silver I
  2 months ago
  Thank you so much domel44, you have been so incredibly helpful! The rockyou clue has been my closest one so far.
  
  Quick question, please. The rockyou.txt on my sandboxed Kali machine is only 1556 bytes, whereas the real wordlist is over 133 megabytes. Did you have to alter the list in some way before you were able to use it, please?
  - domel44
    Bronze II
    2 months ago
    Hi Nneka,
    i use the list available on the Kali host.