Flash CTF – Cookie Crackdown

Overview

For this web exploitation challenge, we are sent to a website that claims the challenge is all about cookies, and not just the kind that you eat.

Solution

The first thing we see after loading the website is a popup at the bottom of the page that says the following:

We’re using a cookie whether you like it or not, but it does have a flag!

*Declining makes you feel better but doesn’t actually stop the cookie from existing

Well, that’s pretty straightforward. From that message and the challenge theme, we can assume that the flag is located somewhere in the website’s cookies. But how do we see those?

Most modern web browsers come with developer tools that can be opened by pressing the F12 key or by right-clicking on a webpage and then clicking Inspect. The developer tools give us a few ways to look at a website’s cookies, some of which are outlined below. Note that depending on the browser, some sections of the developer tools may be named differently, but the goal is the same.

Viewing Cookies

Using Firefox, we can head over to the Storage tab of our developer tools, open the Cookies dropdown, and click on the “cookiecrackdown” website to see its cookies. There, we see a cookie called flag whose value is the flag:

MetaCTF{n0nc0ns3nsu4l_c00ki3_cr4ckd0wn}

Looking at Network Traffic

Another way we can view the cookies for this website is by going to the Network tab of our developer tools and reloading the website. If we click on the specific request that loads the main webpage, we can see various details about the request we sent to the web server and its response.

By clicking on the Headers tab on the right side of the window, we can see the request headers, the response headers, and the data each header contains. One particular response header, the Set-Cookie header, is used by a web server to send cookies to a client. Taking a closer look, the contents of the header (shown below) contain the “flag” cookie and its value, which looks exactly like the flag:

Set-Cookie: flag=MetaCTF{n0nc0ns3nsu4l_c00ki3_cr4ckd0wn}; Expires=Tue, 25 Feb 2025 17:54:55 GMT; Max-Age=7200; HttpOnly; Path=/
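As an added example (not part of the original writeup), the following Python parses that Set-Cookie header into its name, value and attributes and reports which hardening attributes are absent. It also shows why the Network and Storage tabs still reveal the cookie even though it carries HttpOnly: that flag only hides the cookie from document.cookie, not from the browser's own tooling or from the response on the wire.

```python
"""Parse a Set-Cookie response header and audit its security attributes.

The sample header below is the one captured in the writeup's Network tab.
"""
from dataclasses import dataclass, field

# Header exactly as captured in the writeup (the "Set-Cookie: " prefix is optional here)
SAMPLE_HEADER = (
    "Set-Cookie: flag=MetaCTF{n0nc0ns3nsu4l_c00ki3_cr4ckd0wn}; "
    "Expires=Tue, 25 Feb 2025 17:54:55 GMT; Max-Age=7200; HttpOnly; Path=/"
)


@dataclass
class Cookie:
    name: str
    value: str
    # lower-cased attribute name -> value, or True for valueless flags (HttpOnly, Secure)
    attributes: dict = field(default_factory=dict)


def parse_set_cookie(header: str) -> Cookie:
    """Split on ';'. Attribute values never contain ';', so the comma inside
    the Expires date is not a separator and survives intact."""
    if header.lower().startswith("set-cookie:"):
        header = header.split(":", 1)[1]
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    cookie = Cookie(name.strip(), value.strip())
    for attr in parts[1:]:
        if not attr:
            continue
        key, has_value, val = attr.partition("=")
        cookie.attributes[key.strip().lower()] = val.strip() if has_value else True
    return cookie


def audit(cookie: Cookie) -> list[str]:
    """Return findings for missing hardening attributes.
    HttpOnly blocks document.cookie access only; devtools and the raw
    response still expose the value, which is what this challenge relies on."""
    findings = []
    attrs = cookie.attributes
    if "httponly" not in attrs:
        findings.append("missing HttpOnly: value readable via document.cookie")
    if "secure" not in attrs:
        findings.append("missing Secure: cookie is also sent over plaintext HTTP")
    if "samesite" not in attrs:
        findings.append("missing SameSite: cookie is sent on cross-site requests")
    return findings


if __name__ == "__main__":
    parsed = parse_set_cookie(SAMPLE_HEADER)
    print(parsed.name, "=", parsed.value, parsed.attributes)
    for finding in audit(parsed):
        print("-", finding)
```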

We can also click on the Cookies tab within the Network tab and look at the Response Cookies section. This shows us the “flag” cookie, and by inspecting the contents of it we see the output below, which contains the flag:

expires	"2025-02-25T19:03:12.000Z"
httpOnly	true
path	"/"
value	"MetaCTF{n0nc0ns3nsu4l_c00ki3_cr4ckd0wn}"