MQCyberSec

MQCyberSec Logo

MQCyberSec
Back to Writeups

Cookie Monster Secret Recipe

by sealldev
PicoCTF icon PicoCTF web
easy
Suggested: #cyberchef
Cookie Monster Secret Recipe
Cookie Monster Secret Recipe

Description

Cookie Monster has hidden his top-secret cookie recipe somewhere on his website. As an aspiring cookie detective, your mission is to uncover this delectable secret. Can you outsmart Cookie Monster and find the hidden recipe? You can access the Cookie Monster here and good luck

Hint: Sometimes, the most important information is hidden in plain sight. Have you checked all parts of the webpage?
Hint: Cookies aren't just for eating - they're also used in web technologies!
Hint: Web browsers often have tools that can help you inspect various aspects of a webpage, including things you can't see directly.

We start with a plain login page: home.png

I try with some default credentials admin:admin, and get an error: loginerror.png

With the hint to check my cookies, I use EditThisCookie2 and see a Cookie called secret_recipe (You can also view your cookies with a web proxy like Burp Suite, in browser storage, etc):

cGljb0NURntjMDBrMWVfbTBuc3Rlcl9sMHZlc19jMDBraWVzXzk2RjU4REFCfQ%3D%3D

This is URL encoded (can be seen by the %3D which is equal to =) and this also looks like Base64!

I do this in CyberChef to decode it. I use URL Decode then From Base64: flag.png

Flag: picoCTF{c00k1e_m0nster_l0ves_c00kies_96F58DAB}

Related Writeups

3v@l

ABC Bank's website has a loan calculator to help its clients calculate the amount they pay if they take a loan from the ...

#medium

n0s4n1ty 1

A developer has added profile picture upload functionality to a website. However, the implementation is flawed, and it p ...

#easy

WebSockFish

Can you win in a convincing manner against this chess bot? He won't go easy on you! Hint: Try understanding the code an ...

#medium

Share this writeup

Contribute

Found an issue or want to improve this writeup?

Edit on GitHub