Writeup: Advent of CTF 2 – CookieMonster

For the 2nd challenge we are required to bypass the login mechanism used on this webpage https://02.adventofctf.com. This is the page we get when we navigate to the URL.

I tried logging in with a random username:password test:test. Since we are logged in as guests, we do not see the flag.

Using developer tools, noted that there were cookies being stored on the page which looks like a Base64 string.

Decoding the Base64 string gives us the value {“guest”:”true”,”admin”:”false”}. Well, I do not want to be logged in as a guest and would like to have admin privileges too.

Let’s try modify that cookie value to {“guest”:”false”,”admin”:”true”}. We need to encode it back to Base64. We get a new value of eyJndWVzdCI6ImZhbHNlIiwiYWRtaW4iOiJ0cnVlIn0= that we can modify our cookie to.

We can easily modify that cookie value from browser developer tools, under Storage. Simply double-click on the value field and paste.

We then refresh the page and get the flag NOVI{cookies_are_bad_for_auth}.

Let’s update the Badge Server

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s