picoCTF 2021 Cookies Writeup

Cookies is a Web Exploitation puzzle worth 40 points. This puzzle’s name gave a clue that enabled me to solve this in no time.

I used the EditThisCookie plugin in Chrome to edit the single cookie name on this page. It had a value of 0 after submitting snickerdoodle as hinted in the input box. trying different numbers gave me different names of cookies.

After several tries, the flag was displayed:

Luckily, this flag was discovered quickly. If the number was higher, this manual approach could have taken all day. If this flag didn’t turn up after many more tries, I would have scripted something or used Burp Suite to brute force the cookie.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s