Cookie
Challenge Description

Solution
Landing Page

Directory fuzzing
gobuster dir -u https://cookiechallenge.pythonanywhere.com/ -w /usr/share/wordlists/seclists/Discovery/Web-Content/common.txt

Visiting
/robots.txt
, we find a secret directory named/sup3r_s3cr3t_d1r

Visiting
/sup3r_s3cr3t_d1r

Visiting
/cookie
, we get a jwt token

JWT Debugging
Using this website, we can decode the JWT token

And we can change the cookie by modifying the 2 marked fields in the payload
Changing
admin
totrue
andanswer
toyes

Replacing the cookie on the website and visiting
/sup3r_s3cr3t_d1r
, we get the flag

FLAG
YCTF{3a1_c00k13s_t0_51ay_a1iv3}
Last updated