CodeFest CTF 2017 - Anonymous Recruitment Writeup

by dpstart
September 24, 2017

This is the page we see when we access the service:

<img class=”img-responsive” src=”/assets/codefest17/cookie-1.png” alt=”Signup form with username and password fields” width=”603” height=”258>

Going through the page cookies, I found this:

Screenshot of cookie named 'flag' with true value

I tried to set the flag cookie to False and send the form. As a result, the old form is replaced by the following:

Modified signup form with username as 'root'

After several tries, I found out that the correct username was root.

I sent the form again:

Submitted form with username as 'root'

In the list of cookies, I now see this:

Screenshot of 'pass' cookie containing MD5 hash

The values of the pass cookie is an md5 hash for the word aunty. I type it as a password, and I find out it’s the flag:

Page displaying flag after entering correct password