Welcome to HBH! If you had an account on hellboundhacker.org you will need to reset your password using the Lost Password system before you will be able to login.

CSRF TOKEN???!!!!

  1. Home
  2. Forum
  3. Timed Challenges
  4. CSRF TOKEN???!!!!

synstealth's Avatar

synstealth

PHP WARRIOR
2,490 1

frustrated with this token, Each time I try to access the page, I ether get 405 not allowed or 419 expired - Im using PHP CURL and anyone who successfully did this, can you please help me with some pointers or look at my code and see what the hell is going on ?


Mordak's Avatar

Mordak

Evil Sorcerer
4,025 18

This is why for V3 we will have the Challenges API to remove this complexity. However for now the I scape the page and pull the CSRF token from the header or the form, both methods will work as its the same token.


rex_mundi's Avatar

rex_mundi

☆ Lucifer ☆
3,050 6

Hahah PHP ….. everyones grandads favourite coding language.


rex_mundi's Avatar

rex_mundi

☆ Lucifer ☆
3,050 6

With Python to get the token you’d just feed it a regular expression telling it what to look for:

token = re.findall(’[A-Za-z0-9]{40}’, r.text)

Does cURL not just save your token in the Cookiejar ?

Maybe try enabling cookie handling in the cURL request using CURLOPT_COOKIEJAR and CURLOPT_COOKIEFILE. if you haven’t already.

Also send me your code if you’re still having problems , and then I can run it on my end and see the problems for myself.


rex_mundi's Avatar

rex_mundi

☆ Lucifer ☆
3,050 6

That Rex guy is full of shit, ignore his last post, the token is in the form and the header it’s not a cookie, 🤡