Tags: web base64 cookie 

Rating: 4.0

# IceCTF Toke
### Solution By: Nullp0inter

# Description:
I have a feeling they were pretty high when they made this [website](toke.vuln.icec.tf)...

# Solution

When you visit the webpage you are able to do basically two things, register and login. I, along with what I assume is a significant portion of people, thought that
this challenge was a SQLi or XSS challenge at first. I initially made an account trying XSS but it was handled properly so that got nowhere, except I did see the post
was made by a "Toke" who I then attempted to SQLi may way into for a while which was also fruitless. After logging in if you examine the cookies you will see one that
is `jwt_token` which looks to be base64 encoded. If we just throw copy the whole thing `eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJmbGFnIjoiSWNlQ1RGe2pXN190MEszbnNfNFJlX25PX3AxNENFX2ZPUl81M0NyRTdTfSIsInVzZXIiOiJucHRyIn0.ItKxsZx5YLny17hrz2WTmWALcBzwxB75pjwkxrNONd8` and just base64decode it:

```python
#!/usr/bin/python

import Base64

cookie = 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJmbGFnIjoiSWNlQ1RGe2pXN190MEszbnNfNFJlX25PX3AxNENFX2ZPUl81M0NyRTdTfSIsInVzZXIiOiJucHRyIn0.ItKxsZx5YLny17hrz2WTmWALcBzwxB75pjwkxrNONd8'

print (base64.b64decode(cookie))
```

we get back the flag:
`IceCTF{jW7_t0K3ns_4Re_nO_p14CE_fOR_53CrE7S}`

Original writeup (https://github.com/WCSC/writeups/tree/master/icectf-2016/Toke).