Overview
For this web exploitation challenge, we are sent to a website that claims the challenge is all about cookies, and not just the kind that you eat.
Solution
The first thing we see after loading the website is a popup at the bottom of the page that says the following:
We’re using a cookie whether you like it or not, but it does have a flag!
*Declining makes you feel better but doesn’t actually stop the cookie from existing
Well, that’s pretty straightforward. From that message and the challenge theme, we can assume that the flag is located somewhere in the website’s cookies. But how do we see those?
Most modern web browsers come with developer tools that can be accessed by pressing the F12
key or right-clicking on a webpage and then left-clicking Inspect
. The developer tools give us a few ways to look at a website’s cookies, some of which are outlined below. Note that depending on the browser, some sections within their development tools may be named differently, but the goal is the same.
Viewing Cookies
Using Firefox, we can head over to the Storage
tab of our developer tools, open the Cookies
dropdown, and click on the “cookiecrackdown” website to see its cookies. There, we see a cookie called flag
whose value is the flag:
MetaCTF{n0nc0ns3nsu4l_c00ki3_cr4ckd0wn}
Looking at Network Traffic
Another way we can view the cookies for this website is by going to the Network
tab of our developer tools and reloading the website. If we click on the specific request that loads the main webpage, we can see various details about the request we sent to the web server and its response.
By clicking on the Headers
tab on the right side of the window, we can see the request headers, the response headers, and the data each header contains. One particular response header, the Set-Cookie
header, is used by a web server to send cookies to a client. Taking a closer look, the contents of the header (shown below) contain “flag” cookie and its value, which looks exactly like the flag:
Set-Cookie: flag=MetaCTF{n0nc0ns3nsu4l_c00ki3_cr4ckd0wn}; Expires=Tue, 25 Feb 2025 17:54:55 GMT; Max-Age=7200; HttpOnly; Path=/
We can also click on the Cookies
tab within the Network
tab and look at the Response Cookies
section. This shows us the “flag” cookie, and by inspecting the contents of it we see the output below, which contains the flag:
expires "2025-02-25T19:03:12.000Z"
httpOnly true
path "/"
value "MetaCTF{n0nc0ns3nsu4l_c00ki3_cr4ckd0wn}"