picoCTF — More Cookies [Web Exploitation]

MR SHAN
3 min read · Aug 11, 2021


Welcome back,

today we are going to do More Cookies from the Web Exploitation category.

I guess this is going to be a bit complicated, as you can see only 27% of people solved it. So let’s give it a try.

And like I said, this was a bit hard. I found a cookie when I intercepted the request.

When I tried to decode it, it again returned a huge string (the cookie value is base64-encoded twice).

[Screenshot: Burp Decoder]

So I went through a write-up: https://github.com/HHousen/PicoCTF-2021/blob/master/Web%20Exploitation/More%20Cookies/script.py

Thanks to https://github.com/HHousen for that.

They explained a bit about how it works, and there was a Python script to crack it, which is already given on that page, but I am giving it below.

    import requests
    from base64 import b64decode, b64encode
    from tqdm import tqdm

    # Bit flip code based on https://crypto.stackexchange.com/a/66086.
    # We need to decode from base64 twice because the cookie was encoded twice.
    def bit_flip(pos, bit, data):
        raw = b64decode(b64decode(data).decode())
        list1 = bytearray(raw)
        # XOR the whole byte at `pos` with the mask `bit` (a value, not a single bit),
        # then re-encode the modified bytes the same way the server expects them.
        list1[pos] = list1[pos] ^ bit
        raw = bytes(list1)
        return b64encode(b64encode(raw)).decode()

    cookie = "<your string>"
    for position_idx in tqdm(range(10), desc="Bruteforcing Position"):
        # The 96 really should be 128 to test every bit, but 96 worked for me.
        for bit_idx in tqdm(range(96), desc="Bruteforcing Bit"):
            auth_cookie = bit_flip(position_idx, bit_idx, cookie)
            cookies = {'auth_name': auth_cookie}
            r = requests.get('http://mercury.picoctf.net:<your port>/', cookies=cookies)
            if "picoCTF{" in r.text:
                # The flag is between `<code>` and `</code>`
                print("Flag: " + r.text.split("<code>")[1].split("</code>")[0])
                break

You have to edit the code where I show <your string> in the cookie variable and <your port> in the URL passed to requests.get. The cookie value is the string you get when you inspect the cookie in your browser (or in Burp), and the URL is the website address from the More Cookies challenge description, with your instance’s port number.

Save this code with the .py extension and run it.

It’s a brute-forcing script, so it will probably take some time.
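To show why flipping a byte of the cookie can flip a byte of the decrypted value, and what a server has to do to stop it, here is an added, self-contained example. It is not part of the original post or of HHousen’s script, and it never talks to picoCTF. It assumes the cookie is a CBC-mode ciphertext (IV prepended) that has been base64-encoded twice, and it uses a constructed toy Feistel block cipher as a stand-in for AES, because CBC malleability does not depend on the block cipher. The hardened variant appends an HMAC over the ciphertext (encrypt-then-MAC) and rejects the cookie before decrypting if the tag does not verify.

```python
import hashlib
import hmac
import os
from base64 import b64decode, b64encode

BLOCK = 16  # block size in bytes, same as AES

# --- Toy block cipher: a 4-round Feistel network with HMAC-SHA256 as the round
# function. Constructed for this example only; it stands in for AES and is NOT secure.
def _round(key, half, i):
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:BLOCK // 2]

def block_encrypt(key, block):
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for i in range(4):
        left, right = right, bytes(a ^ b for a, b in zip(left, _round(key, right, i)))
    return left + right

def block_decrypt(key, block):
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for i in reversed(range(4)):
        left, right = bytes(a ^ b for a, b in zip(right, _round(key, left, i))), left
    return left + right

# --- PKCS#7 padding and CBC mode over the toy cipher ---
def pad(data):
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n

def unpad(data):
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]

def cbc_encrypt(key, plaintext):
    iv = os.urandom(BLOCK)
    padded = pad(plaintext)
    prev, out = iv, b""
    for i in range(0, len(padded), BLOCK):
        prev = block_encrypt(key, bytes(a ^ b for a, b in zip(padded[i:i + BLOCK], prev)))
        out += prev
    return iv + out  # IV travels with the ciphertext, as in the challenge cookie

def cbc_decrypt(key, data):
    iv, body = data[:BLOCK], data[BLOCK:]
    prev, out = iv, b""
    for i in range(0, len(body), BLOCK):
        ct = body[i:i + BLOCK]
        out += bytes(a ^ b for a, b in zip(block_decrypt(key, ct), prev))
        prev = ct
    return unpad(out)

# --- Weak server: encryption only, double base64 like the challenge ---
def make_cookie(enc_key, plaintext):
    return b64encode(b64encode(cbc_encrypt(enc_key, plaintext))).decode()

def read_cookie(enc_key, cookie):
    return cbc_decrypt(enc_key, b64decode(b64decode(cookie)))

def flip_byte(cookie, pos, mask):
    """Same operation as the write-up's bit_flip: XOR one raw byte and re-encode."""
    raw = bytearray(b64decode(b64decode(cookie)))
    raw[pos] ^= mask
    return b64encode(b64encode(bytes(raw))).decode()

# --- Hardened server: encrypt-then-MAC, verify before decrypting ---
def make_cookie_mac(enc_key, mac_key, plaintext):
    ct = cbc_encrypt(enc_key, plaintext)
    tag = hmac.new(mac_key, ct, hashlib.sha256).digest()
    return b64encode(b64encode(ct + tag)).decode()

def read_cookie_mac(enc_key, mac_key, cookie):
    raw = b64decode(b64decode(cookie))
    ct, tag = raw[:-32], raw[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, ct, hashlib.sha256).digest()):
        raise ValueError("cookie tampered")  # reject before touching the plaintext
    return cbc_decrypt(enc_key, ct)

def demo():
    enc_key, mac_key = b"k" * 16, b"m" * 16      # constructed keys
    plaintext = b"admin=0;user=alice"             # constructed cookie contents
    # Byte 6 ("0") sits in the first plaintext block, so XORing IV byte 6 changes
    # exactly that plaintext byte and garbles nothing else.
    pos, mask = plaintext.index(b"0"), ord("0") ^ ord("1")
    forged = read_cookie(enc_key, flip_byte(make_cookie(enc_key, plaintext), pos, mask))
    try:
        read_cookie_mac(enc_key, mac_key, flip_byte(make_cookie_mac(enc_key, mac_key, plaintext), pos, mask))
        caught = False
    except ValueError:
        caught = True
    return forged, caught

if __name__ == "__main__":
    print(demo())  # (b'admin=1;user=alice', True)
```

The weak server happily decrypts the edited cookie to admin=1, which is exactly the property the brute-force loop above relies on; the hardened server never reaches the decryption step. In practice an AEAD mode (AES-GCM or ChaCha20-Poly1305) gives the same guarantee without a separate MAC key.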

[Screenshot: Running the Python code]

And finally, there it is,

[Screenshot: Flag Found]

Thank you .

Watch and share 😇

See you in another blog.

Written by MR SHAN

Engineering Student , Programmer , InfoSec Boy, Bug Hunter
