Cookie Robot

You know what to do, collect them all.

Initial Recon

As the title suggested, first check out robots.txt:

User-agent: * 
Disallow: /cookie.php

Now head over to cookie.php:

Nothing interesting, but again, the name of the page is a huge hint. Using Inspect Element, we can check document.cookie and find out that we have cookies:

"Our_Fav_Cookie=8de0b3c47f112c59745f717a626932264c422a7563954872e237b223af4ad643; Piece=6"

The Piece=1 cookie implies that there are more, so we can refresh the page. As expected, we get another cookie.

Dumping all the cookies

We can create a super simple python script to dump them all:

from requests import Session

sess = Session()

while True:
    r = sess.get('http://15.206.202.26/cookie.php')
    cookies = r.cookies.get_dict()
    print(cookies)

The Piece cookies go up to 39 before starting again from 0, so we assume there are 39. We now dump all 39 of them and save them to a file.

Decoding

As they are hex, we first attempt some hex decoding, but that is unsuccessful. The next idea is to check if they are valid hashes, which they are! It appears as if each cookie is simply a hash of a letter of the flag, and we can dump all of the hashes here.

c4694f2e93d5c4e7d51f9c5deb75e6cc8be5e1114178c6a45b6fc2c566a0aa8c : O
f67ab10ad4e4c53121b6a5fe4da9c10ddee905b978d3788d2723d7bfacbe28a9 : F
4ae81572f06e1b88fd5ced7a1a000945432e83e1551e6f721ee9c00b8cc33260 : Q
5c62e091b8c0565f1bafad0dad5934276143ae2ccef7a5381e8ada5b1a8d26d2 : P
333e0a1e27815d0ceee55c473fe3dc93d56c63e3bee2b3b4aee8eed6d70191a3 : G
8de0b3c47f112c59745f717a626932264c422a7563954872e237b223af4ad643 : S
021fb596db81e6d02bf3d2586ee3981fe519f275c0ac9ca76bbcf2ebb4097d96 : {
5c62e091b8c0565f1bafad0dad5934276143ae2ccef7a5381e8ada5b1a8d26d2 : P
5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9 : 0
[...]

Now we can save this in cracked and use some basic bash to isolate the individual letters and print them all out.

cat cracked | awk -F ' : ' '{print $2}' > flag
for line in $(cat flag); do echo -n $line; done

And we get the output

OFQPGS{P00x135_ne3_o35g_cy4p3_70_pu3px}

This looks a lot like ROT13, and once decoded from it we get the flag.

Flag: BSDCTF{C00k135_ar3_b35t_pl4c3_70_ch3ck}

PreviousThanks for AttendingNexthacktoberctf

Last updated