Cookie

Challenge Description

Challenge Description

Solution

Landing Page

Directory fuzzing

gobuster dir -u https://cookiechallenge.pythonanywhere.com/ -w /usr/share/wordlists/seclists/Discovery/Web-Content/common.txt

Gobuster

• Visiting /robots.txt , we find a secret directory named /sup3r_s3cr3t_d1r

robots.txt

• Visiting /sup3r_s3cr3t_d1r

• Visiting /cookie, we get a jwt token

cookie

JWT Debugging

• Using this website, we can decode the JWT token

token.dev

• And we can change the cookie by modifying the 2 marked fields in the payload

• Changing admin to true and answer to yes

• Replacing the cookie on the website and visiting /sup3r_s3cr3t_d1r, we get the flag

flag

FLAG

YCTF{3a1_c00k13s_t0_51ay_a1iv3}