csictf 2020

CTF Writeup - https://ctftime.org/event/1081

19 July 2020

Oreo

by INXS_JOY

My nephew is a fussy eater and is only willing to eat chocolate oreo. Any other flavour and he throws a tantrum.

http://chall.csivit.com:30243

Solution

My nephew is a fussy eater and is only willing to eat chocolate oreo. Any other flavour and he throws a tantrum.

The site displays the above message when visited. I reloaded the page and captured the request using Burp Suite and found this.


I noticed that there is a cookie called flavour which seems to have a Base64-encoded value, c3RyYXdiZXJyeQ==. Using an online base64 decoder like this, I got the decoded value as Strawberry.

The site says that the nephew only likes chocolate; therefore, I had an intuition to set the flavour cookie to the base64 equivalent of “chocolate”. Using the same base64 decoding site, we get Y2hvY29sYXRl as the base64-encoded text of “chocolate”. Now setting the flavour cookie to Y2hvY29sYXRl and sending the request, we get the flag.

You don’t need to have Burp Suite to solve this challenge, although it might be useful in solving higher-difficulty problems. An ordinary cookie-editor browser extension will do the job for this challenge.
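The cookie edit works because Base64 is an encoding, not an integrity check. The following is an added example, not code from the writeup or from the challenge server: it assumes the server simply decodes and trusts the flavour cookie, and shows that pattern beside a variant that appends an HMAC tag so a client-side edit is rejected. The function names and the key are hypothetical.

```python
import base64
import binascii
import hashlib
import hmac

# Constructed key for this demo; a real server would load a random secret.
SERVER_KEY = b"constructed-demo-key"


def read_flavour_unsigned(cookie: str) -> str:
    """Weak pattern (assumed): decode the cookie and trust whatever the client sent."""
    return base64.b64decode(cookie).decode()


def issue_flavour_signed(flavour: str, key: bytes = SERVER_KEY) -> str:
    """Issue 'value.tag', where tag is HMAC-SHA256 over the encoded value."""
    value = base64.urlsafe_b64encode(flavour.encode()).decode()
    tag = hmac.new(key, value.encode(), hashlib.sha256).hexdigest()
    return f"{value}.{tag}"


def read_flavour_signed(cookie: str, key: bytes = SERVER_KEY):
    """Return the flavour, or None if the cookie is malformed or was modified."""
    value, sep, tag = cookie.rpartition(".")
    if not sep:
        return None  # no tag present at all
    expected = hmac.new(key, value.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison of the expected tag with the one supplied.
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        return None
    try:
        return base64.urlsafe_b64decode(value).decode()
    except (binascii.Error, UnicodeDecodeError):
        return None


def demo() -> dict:
    original = "c3RyYXdiZXJyeQ=="  # cookie value shown in the writeup
    edited = "Y2hvY29sYXRl"        # value the writeup sets instead
    signed = issue_flavour_signed("strawberry")
    reused_tag = edited + "." + signed.rpartition(".")[2]  # edited value, old tag
    return {
        "unsigned_original": read_flavour_unsigned(original),
        "unsigned_edited": read_flavour_unsigned(edited),
        "signed_intact": read_flavour_signed(signed),
        "signed_edited": read_flavour_signed(reused_tag),
    }


if __name__ == "__main__":
    print(demo())
```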

Flag

csictf{1ick_twi5t_dunk}
tags: Web