MQCyberSec

MQCyberSec Logo

MQCyberSec
Back to Writeups

Cookie Monster Secret Recipe

by sealldev
PicoCTF icon PicoCTF web
easy
Suggested: #cyberchef
Cookie Monster Secret Recipe
Cookie Monster Secret Recipe

Description

Cookie Monster has hidden his top-secret cookie recipe somewhere on his website. As an aspiring cookie detective, your mission is to uncover this delectable secret. Can you outsmart Cookie Monster and find the hidden recipe? You can access the Cookie Monster here and good luck

Hint: Sometimes, the most important information is hidden in plain sight. Have you checked all parts of the webpage?
Hint: Cookies aren't just for eating - they're also used in web technologies!
Hint: Web browsers often have tools that can help you inspect various aspects of a webpage, including things you can't see directly.

We start with a plain login page: home.png

I try with some default credentials admin:admin, and get an error: loginerror.png

With the hint to check my cookies, I use EditThisCookie2 and see a Cookie called secret_recipe (You can also view your cookies with a web proxy like Burp Suite, in browser storage, etc):

cGljb0NURntjMDBrMWVfbTBuc3Rlcl9sMHZlc19jMDBraWVzXzk2RjU4REFCfQ%3D%3D

This is URL encoded (can be seen by the %3D which is equal to =) and this also looks like Base64!

I do this in CyberChef to decode it. I use URL Decode then From Base64: flag.png

Flag: picoCTF{c00k1e_m0nster_l0ves_c00kies_96F58DAB}

Related Writeups

l33t-benign

Now that you've figured out who was behind this operation, can you figure out who else was affected?

4spam

In the wake of last week's events, we've created a replacement (https://4spam.umbccd.net/). An old dump of some of the ...

Caddyshack

locate and connect to the server running on caddyshack.umbccd.net

Share this writeup

Contribute

Found an issue or want to improve this writeup?

Edit on GitHub