
**Full write-up:** https://www.sebven.com/ctf/2021/08/03/ImaginaryCTF2021-Cookie-Stream.html

Web – 150 pts (86 solves) – Chall author: Eth007

A classic example of how not to use a cookie-based login system for your webpage, how not to hash stored passwords, and how not to create passwords to begin with… A single unsalted password hash is easy to recognise and reverse. Having logged in successfully to a non-admin account, we steal its cookie and bit-flip our way to the admin page!
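Why the bit-flip works and what stops it, as an added example that is not code from the challenge or the original write-up. The SHA-256 counter keystream is a stdlib stand-in for a real stream cipher, and the `nonce || ciphertext` cookie layout, the keys and the usernames `guest` and `admin` are assumptions constructed for the demonstration.

```python
import hashlib
import hmac
import os

ENC_KEY = os.urandom(32)  # constructed demo keys, not values from the challenge
MAC_KEY = os.urandom(32)
NONCE_LEN, TAG_LEN = 8, 32

def keystream(nonce: bytes, n: int) -> bytes:
    """Stand-in stream cipher: SHA-256 in counter mode (assumption, stdlib only)."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(ENC_KEY + nonce + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return out[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def issue_weak(user: str) -> bytes:
    """Cookie = nonce || ciphertext, with no integrity protection."""
    data, nonce = user.encode(), os.urandom(NONCE_LEN)
    return nonce + xor(data, keystream(nonce, len(data)))

def read_weak(cookie: bytes) -> str:
    nonce, ct = cookie[:NONCE_LEN], cookie[NONCE_LEN:]
    return xor(ct, keystream(nonce, len(ct))).decode(errors="replace")

def issue_strong(user: str) -> bytes:
    """Encrypt-then-MAC: the same cookie plus an HMAC-SHA256 tag over all of it."""
    body = issue_weak(user)
    return body + hmac.new(MAC_KEY, body, hashlib.sha256).digest()

def read_strong(cookie: bytes):
    body, tag = cookie[:-TAG_LEN], cookie[-TAG_LEN:]
    expected = hmac.new(MAC_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # modified cookie: reject before decrypting anything
    return read_weak(body)

def tamper(cookie: bytes, known: str, wanted: str) -> bytes:
    """XOR (known ^ wanted) into the ciphertext; no key is needed for this."""
    delta = xor(known.encode(), wanted.encode())
    end = NONCE_LEN + len(delta)
    return cookie[:NONCE_LEN] + xor(cookie[NONCE_LEN:end], delta) + cookie[end:]

if __name__ == "__main__":
    print(read_weak(tamper(issue_weak("guest"), "guest", "admin")))
    print(read_strong(tamper(issue_strong("guest"), "guest", "admin")))
```

A stream cipher gives confidentiality only, so the server must verify a MAC (or use an AEAD mode) before trusting any field in the cookie.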
