HACKR.GG
hackr.gg — Official Walkthrough
Confidential · Educational Use Only

CritBook — Session Security

Session Security · Session Fixation & Weak IDs
Difficulty
Intermediate
Vuln class
Session Fixation & Weak IDs
Steps
2
// Objective
Exploit a weak session ID (Flag 1) and a session fixation vulnerability (Flag 2).
// Tools required
Browser · Burp Suite · curl
// Step-by-step walkthrough
1
Enumerate predictable session IDs (Flag 1)
After login, note the format of your session ID. If it is a small integer, the server is almost certainly handing out IDs from a counter: try the values around yours, and in particular the lowest ones, since the admin session is likely to have been created first.
Command / Input
GET /api/sessions
Cookie: session=1
Output
{"user":"admin","flag":"HackrGG{w34k_s3ss10n_1d_pr3d1ct4bl3}"}
A sequential counter gives the lowest values to the sessions created at server startup, and that is typically the admin's; once the scheme is known, every other session ID is just as guessable.
2
Session fixation attack (Flag 2)
The login endpoint accepts a pre-set session ID via the X-Session-Id header. Send a login request with an ID of your choosing, get the victim to log in under that same ID (the lab simulates this via the admin panel), then present that ID yourself.
Command / Input
POST /login
X-Session-Id: my_fixed_id

Then:

GET /api/me
Cookie: session=my_fixed_id
Output
{"user":"admin","flag":"HackrGG{s3ss10n_f1x4t10n_h1j4ck3d}"}
A correct server discards the pre-login ID and issues a fresh one at authentication. If /api/me with your fixed ID now returns the admin, the ID was never rotated and fixation has succeeded.
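Both steps come down to the same two server-side mistakes: session IDs drawn from a counter, and a login that keeps whatever ID the client brought. The block below is an added example, not CritBook's code and not part of the official walkthrough. It models the vulnerable behaviour in a hypothetical WeakSessionStore beside a HardenedSessionStore with the fixes (random IDs, a fresh ID on every login), and implements the two checks from the walkthrough against them. All class and function names, the toy session table and the seeded admin session are assumptions made for illustration.

```python
import secrets
from typing import Dict, Optional


class WeakSessionStore:
    """Hypothetical model of the vulnerable server (not CritBook's code).

    Two flaws the walkthrough exploits:
      * IDs come from a counter and the admin session created at startup
        takes the first value, so session=1 is guessable (Flag 1).
      * login() honours a client-chosen ID (the X-Session-Id header in the
        lab) and never rotates it, so an attacker who plants an ID inherits
        the victim's authenticated session (Flag 2).
    """

    def __init__(self) -> None:
        self._next_id = 1
        self.sessions: Dict[str, str] = {}
        self.sessions[self._mint()] = "admin"   # seeded at startup -> "1"

    def _mint(self) -> str:
        sid = str(self._next_id)
        self._next_id += 1
        return sid

    def login(self, user: str, fixed_id: Optional[str] = None) -> str:
        # Vulnerable: an attacker-supplied ID is accepted verbatim and kept
        # across the privilege change from anonymous to authenticated.
        sid = fixed_id if fixed_id is not None else self._mint()
        self.sessions[sid] = user
        return sid

    def whoami(self, sid: str) -> Optional[str]:
        return self.sessions.get(sid)


class HardenedSessionStore:
    """Same interface with the fixes: 128-bit random IDs, client-supplied
    IDs never bound to a user, and a fresh ID issued on every login."""

    def __init__(self) -> None:
        self.sessions: Dict[str, str] = {}
        self.sessions[secrets.token_urlsafe(16)] = "admin"

    def login(self, user: str, fixed_id: Optional[str] = None) -> str:
        # Drop whatever the client brought (pre-login state, if any) and mint
        # a new unguessable ID; the planted value is never bound to `user`.
        if fixed_id is not None:
            self.sessions.pop(fixed_id, None)
        sid = secrets.token_urlsafe(16)
        self.sessions[sid] = user
        return sid

    def whoami(self, sid: str) -> Optional[str]:
        return self.sessions.get(sid)


def enumerate_low_ids(store, upper: int = 50) -> Dict[str, str]:
    """Step 1 as a check: try small integer IDs and keep the ones that resolve
    to a user. Against the lab this is GET /api/sessions with
    Cookie: session=<n> for each n; here it is a direct store lookup."""
    found: Dict[str, str] = {}
    for n in range(1, upper + 1):
        user = store.whoami(str(n))
        if user is not None:
            found[str(n)] = user
    return found


def fixation_works(store, planted_id: str = "my_fixed_id",
                   victim: str = "admin") -> bool:
    """Step 2 as a check: the attacker plants `planted_id`, the victim's login
    request carries it (X-Session-Id in the lab), and the attacker then asks
    who `planted_id` belongs to. True means the server failed to rotate."""
    victim_sid = store.login(victim, fixed_id=planted_id)
    return victim_sid == planted_id and store.whoami(planted_id) == victim


if __name__ == "__main__":
    weak, hard = WeakSessionStore(), HardenedSessionStore()
    print("weak:     ", enumerate_low_ids(weak), fixation_works(weak))
    print("hardened: ", enumerate_low_ids(hard), fixation_works(hard))
```

Against the weak store the enumeration finds `{"1": "admin"}` and the fixation check returns True, mirroring Flags 1 and 2; against the hardened store both checks come back empty and False, because the admin's ID is a random token and the victim's login produces an ID the attacker never saw. The fix that matters in practice is the second one: rotating the session ID at authentication defeats fixation regardless of how the ID reached the browser.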
// Flag
Flag 1
HackrGG{w34k_s3ss10n_1d_pr3d1ct4bl3}
Flag 2
HackrGG{s3ss10n_f1x4t10n_h1j4ck3d}
Flag 1 via ID enumeration; Flag 2 via session fixation.