Advent of CTF – Day 2 Writeup
This writeup helps you solve Day 2 of the Advent of CTF challenges. You can find the previous challenge here: Advent of CTF – Day 1 Writeup. Yet again, this challenge should not be too much of a problem.
Opening the challenge URL gives us the following page:
What we learnt in the last challenge is that there might be a hint inside the page source
Upon checking the page source we don’t see anything out of the order. This means we should check somewhere else. Maybe inside the storage area of our browser. This is where we can see the different cookies we have.
In our cookie area we see the following cookie
authenticated - eyJndWVzdCI6InRydWUiLCJhZG1pbiI6ImZhbHNlIn0%3D
The value of the authenticated cookie is first URL encoded and then Base64 encoded. If we decode it we see the following content:
{"guest":"true","admin":"false"}7
Note: keep in mind the 7
What will happen if we set guest to false and admin to true? Let’s find out!
{"guest":"false","admin":"true"}
Encoding this back to Base64 (our cookie was in a Base64 format)gives us the following string
eyJndWVzdCI6ImZhbHNlIiwiYWRtaW4iOiJ0cnVlIn0=
We are almost there! The only thing left is to URL encode our Base64 string. This will turn the = into the %3D which was the 7 we saw earlier. Our final string looks like this
eyJndWVzdCI6ImZhbHNlIiwiYWRtaW4iOiJ0cnVlIn0%3D
If we insert this value into our authenticated cookie and refresh the page, we are greeted with the flag: NOVI{cookies_are_bad_for_auth}!
The next challenge: Advent of CTF – Day 3
2 Comments