Google CTF 2016 // Purple Wombats (100 points)

Capture the Flag, Google CTF 0 Comment 334

This challenge required us to send an encrypted cookie to the server. Luckily, the encryption key was readily available.

A hint in the page source led us to a Git repository, where the secret-key was included. We ran the code locally, set the username to ‘admin’, set the cookie on the vulnerable website, then obtained the flag.



Leave a Reply


Back to Top