Category: Web
Points: 100
Description:
Go here:
http://asis-ctf.ir:12437
Write-up:
I enter the site it gives and find this infomation:
Anyone who has visited our site is the 1234567890th Special prizes are awarded. Welcome, It seems that you are visiting our website first time :) Sorry, visit our again later :(
Refresh the page then it says:
Anyone who has visited our site is the 1234567890th Special prizes are awarded. You have visited us already You are the 1282 visitor Don't hack cookies, we are alive :)
Of course I will mesh around with the cookies.
I find that there’s a cookie named “Visitor” and its value is:
MTI4MjoxY2VjYzdhNzc5MjhjYTgxMzNmYTI0NjgwYTg4ZDJmOQ==
Base64 decode it and I get:
1282:1cecc7a77928ca8133fa24680a88d2f9
We can see that MD5(“1282″)=”1cecc7a77928ca8133fa24680a88d2f9”.
So I construct the cookie value as Base64.encode(“1234567890:”+MD5(“1234567890”)), which value is:
MTIzNDU2Nzg5MDplODA3ZjFmY2Y4MmQxMzJmOWJiMDE4Y2E2NzM4YTE5Zg==
Then refresh the page and get the flag.