Cookies (picoCTF 36)

Challenge Author: MADSTACKS

Category: Web Exploitation

Difficulty: Easy

Description

Who doesn’t lobe cookies? Try to figure out the best one

Process / Notes

  1. Follow the http link
  2. Enter a cookie name? Chocolate chip –> “That is a good cookie! Not very special though…”
  3. Check the page source to see if the answer is there
  4. Didn’t find anything in the source code or nested JavaScript
  5. Testing different things
  6. At 20:50 in, checking what to do
  7. In the inspector, going all the way over to “Application”, there’s a cookies tab under “Storage” - you can change the value across from name
  8. Changing that value and reloading the page will display different cookie names
  9. When you enter the value 18 in the box, it prints the flag 10 From the tutorial: “It will store info on your computer, then you can alter those values, refresh the page, and it will use those values INSTEAD of the ones it gave you initially.”
  10. It sounds like you can automate some of the iteration of cookie values with Burpsuite

29 minutes 29 seconds to complete

Hints

Core Lessons

  1. Understand where to look for cookies in the web-inspector
  2. Understand how to alter those values to achieve deisred results