Points: 40
Tags: picoCTF 2021, Web Exploitation
Author: MADSTACKS
Description:
Who doesn't love cookies? Try to figure out the best one.
http://mercury.picoctf.net:27177/
Hints:
(None)
Challenge link: https://play.picoctf.org/practice/challenge/173
As the challenge name indicates we should keep an eye out for cookies here.
There probably are more ways to solve this challenge, but here are two solutions.
Browse to the web site with your browser (I used Google Chrome).
Then as hinted in the search text box, search for 'snickerdoodle'.
You get a "I love snickerdoodle cookies!" message as response.
Press F12 to open DevTools and go to the Application tab.
Under Storage and then Cookies select the web site.
Note that there is a cookie named name with the value of 0.
Right-click on the value and Edit "Value". Change the value to 1.
Reload the page by pressing F5 and note that the message changes to "I love chocolate chip cookies!".
Depending on the value of the cookie we get different messages.
Continue increasing the value of the cookie until you see the flag in the returned message.
The correct value is 18.
If we don't want to manually edit the cookie value we can enumerate the cookie values in a semi-scripted way and then use curl to retreive the web site and grep for the flag.
In Linux
┌──(kali㉿kali)-[/mnt/…/picoCTF/picoCTF_2021/Web_Exploitation/Cookies]
└─$ for c in $(seq 1 25); do curl -s --cookie "name=$c" http://mercury.picoctf.net:27177/check | grep picoCTF ; done
<p style="text-align:center; font-size:30px;"><b>Flag</b>: <code>picoCTF{3v3ry1_<REDACTED>}</code></p>The Windows syntax is slightly similar
Z:\CTFs\picoCTF\picoCTF_2021\Web_Exploitation\Cookies>for /L %c in (1,1,25) do curl -s --cookie "name=%c" http://mercury.picoctf.net:27177/check | grep picoCTF
<p style="text-align:center; font-size:30px;"><b>Flag</b>: <code>picoCTF{3v3ry1_<REDACTED>}</code></p>
Here Grep for Windows and curl for Windows was used.
For additional information, please see the references below.