
[PicoCTF 2018] - web - No Login

This is one of my writeups for PicoCTF 2018.

Problem

Looks like someone started making a website but never got around to making a login, but I heard there was a flag if you were the admin. http://2018shell3.picoctf.com:33889

Hints:

  1. What is it actually looking for in the cookie?

Solution

The clue indicates that we should somehow manipulate the cookie in order to be logged in as admin.

So I first browsed around the site to see what cookies get set, but all we get is the same encrypted cookie we can see on other problems. Looks like we have to forge a new cookie.

It was then a matter of guesswork:

  • username=admin: Nope.
  • user=admin: Nope.
  • admin=True (similar to the previous "Logon" task): we get the flag: picoCTF{n0l0g0n_n0_pr0bl3m_26b0181a}
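
The root cause is that the server takes the role from a cookie the client fully controls. The sketch below is an added example, not the challenge's actual code: it puts an assumed form of that check next to a hardened one that only trusts a server-issued, HMAC-signed value. The function names, the `session` cookie name and the key are hypothetical.

```python
import hashlib
import hmac
from http.cookies import SimpleCookie

SECRET_KEY = b"constructed-demo-key"  # placeholder; load from a secret store in practice


def parse_cookies(header: str) -> dict:
    """Parse a Cookie request header into a name -> value dict."""
    jar = SimpleCookie()
    jar.load(header)
    return {name: morsel.value for name, morsel in jar.items()}


def is_admin_vulnerable(cookie_header: str) -> bool:
    # Assumed shape of the flawed check: the role is read straight from a
    # client-controlled cookie, so any request carrying admin=True passes.
    return parse_cookies(cookie_header).get("admin") == "True"


def issue_session(username: str, admin: bool) -> str:
    """Server side: bind the role to a MAC the client cannot recompute."""
    payload = f"{username}|{int(admin)}"
    tag = hmac.new(SECRET_KEY, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}|{tag}"


def is_admin_hardened(cookie_header: str) -> bool:
    # Only the signed 'session' cookie is consulted; a bare admin=True is ignored.
    value = parse_cookies(cookie_header).get("session", "")
    payload, sep, tag = value.rpartition("|")
    if not sep:
        return False  # no session cookie, or not in payload|tag form
    expected = hmac.new(SECRET_KEY, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):
        return False  # forged or tampered value
    return payload.rsplit("|", 1)[-1] == "1"
```

A stricter design keeps only an opaque session ID in the cookie and looks the role up server-side, so no authorization data reaches the client at all.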