Contents

🌐 More Cookies

A detailed write-up of the Web challenge 'More Cookies' from PicoCTF - 2021

/images/PicoGym/PicoCTF-2021/MoreCookies/challenge_presentation.png
Challenge Presentation

📊 Challenge Overview

Category Details Additional Info
🏆 Event PicoGym Event Link
🔰 Category Web 🌐
💎 Points 500 Out of 500 total
⭐ Difficulty 🟡 Medium Personal Rating: 4/10
👤 Author madStacks Profile
🎮 Solves (At the time of flag submission) 9.134 solve rate
📅 Date 21-02-2025 PicoGym
🦾 Solved By mH4ck3r0n3 Team:

📝 Challenge Information

I forgot Cookies can Be modified Client-side, so now I decided to encrypt them! http://mercury.picoctf.net:25992/

🎯 Challenge Files & Infrastructure

Provided Files

Files: None

🔍 Initial Analysis

First Steps

Initially, the website appears as follows:

/images/PicoGym/PicoCTF-2021/MoreCookies/site_presentation.png
Site Presentation

I decided to inspect the cookies immediately, since this is the third challenge in the series of cookie challenges (Cookies, Most Cookies). Decoding the base64 gave nothing useful, so I unlocked the hint, which led me here: https://en.wikipedia.org/wiki/Homomorphic_encryption. I have to admit that I know next to nothing about cryptography, so after a couple of tries I decided to check a writeup. I discovered that the cookie is encrypted in CBC (Cipher Block Chaining) mode, which is malleable and therefore vulnerable to a bit-flipping attack when the ciphertext is not authenticated: flipping a bit in one ciphertext block (or in the IV) flips the same bit in the next decrypted plaintext block. The session cookie most likely contains a bit set to 0 that grants admin privileges, so you can brute-force it: by modifying the right bits of the cookie value (bit flipping), you alter the meaning of the decrypted data, for example elevating the privileges to admin. I found a pretty complete exploit: https://github.com/HHousen/PicoCTF-2021/blob/master/Web%20Exploitation/More%20Cookies/improved_script.py. Let's move on to exploitation.

🔬 Vulnerability Analysis

Potential Vulnerabilities

  • Bit-Flip Attack

🎯 Solution Path

Exploitation Steps

Initial setup

As a first step, I analyzed the exploit before running it. The first for loop iterates over the bytes of the extracted cookie, and the second one iterates over the bits of each byte one by one (since 1 byte = 8 bits). The script then manipulates the cookie by bit flipping, testing each bit of every byte to find the one that grants administrative access: it sets the bit to 1 (flips it) and sends the request with the modified cookie. If the response contains picoCTF{, the correct bit has been found, and the flag is extracted from the response.
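To make the CBC malleability from the analysis above and the byte-by-byte, bit-by-bit loop just described concrete, here is an added example (not the write-up's script and not the challenge's code) that simulates the server locally. The cookie layout admin=0;user=guest, the toy Feistel block cipher standing in for AES, and the is_admin oracle are all assumptions; it also shows the defender-side fix, an HMAC over the ciphertext, against which the same search finds nothing.

```python
import base64, hashlib, hmac, os

BLOCK, KEY, MAC_KEY = 16, os.urandom(16), os.urandom(16)   # server secrets stay server-side
def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))
# Toy 16-byte Feistel cipher (SHA-256 round function): a dependency-free stand-in for AES.
# CBC's malleability does not depend on which block cipher sits underneath.
def _f(k, half, i):
    return hashlib.sha256(k + bytes([i]) + half).digest()[:8]
def block_encrypt(k, b):
    l, r = b[:8], b[8:]
    for i in range(4): l, r = r, _xor(l, _f(k, r, i))
    return l + r
def block_decrypt(k, b):
    l, r = b[:8], b[8:]
    for i in reversed(range(4)): l, r = _xor(r, _f(k, l, i)), l
    return l + r

def cbc_encrypt(k, pt):
    pt += bytes([BLOCK - len(pt) % BLOCK]) * (BLOCK - len(pt) % BLOCK)  # PKCS#7 padding
    out = prev = os.urandom(BLOCK)                 # random IV travels as the first block
    for i in range(0, len(pt), BLOCK):
        prev = block_encrypt(k, _xor(pt[i:i + BLOCK], prev))
        out += prev
    return out
def cbc_decrypt(k, ct):
    pt = b"".join(_xor(block_decrypt(k, ct[i:i + BLOCK]), ct[i - BLOCK:i])
                  for i in range(BLOCK, len(ct), BLOCK))
    return pt[:len(pt) - pt[-1]] if pt and 1 <= pt[-1] <= BLOCK else pt

def issue_cookie(mac=False):                       # constructed plaintext layout, not the challenge's
    ct = cbc_encrypt(KEY, b"admin=0;user=guest")
    if mac:                                        # the fix: authenticate the ciphertext (or use AES-GCM)
        ct += hmac.new(MAC_KEY, ct, hashlib.sha256).digest()
    return base64.b64encode(ct).decode()
def is_admin(cookie, mac=False):                   # what the server does with an incoming cookie
    raw = base64.b64decode(cookie)
    if mac:
        raw, tag = raw[:-32], raw[-32:]
        if not hmac.compare_digest(hmac.new(MAC_KEY, raw, hashlib.sha256).digest(), tag):
            return False                           # any flipped bit is detected and rejected
    return b"admin=1" in cbc_decrypt(KEY, raw)

def bit_flip_search(cookie, oracle):               # the write-up's loop: every bit of every byte
    raw = base64.b64decode(cookie)
    for pos in range(len(raw)):
        for bit in range(8):
            forged = bytearray(raw); forged[pos] ^= 1 << bit
            c = base64.b64encode(bytes(forged)).decode()
            if oracle(c):
                return c, pos, bit                 # one IV bit turns "admin=0" into "admin=1"
    return None
```

With the unauthenticated cookie the search succeeds at byte 6, bit 0 of the IV (the '0' after admin=, 0x30, becomes '1', 0x31); with the HMAC-protected cookie every single-bit change is rejected and the search returns None.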

Exploitation

The exploitation phase consisted of changing a few values in the script and simply running it until I obtained the cookie. Once I had it, I inserted it through Chrome DevTools, refreshed the page (F5), and got the flag. (Looking at it now, it seems quite simple and far from impossible; I could easily have figured it out on my own, but that wiki page scared me a bit ^^').

Flag capture

/images/PicoGym/PicoCTF-2021/MoreCookies/manual_flag.png
Manual Flag

🛠️ Exploitation Process

Approach

The automated exploit performs the previously described process and extracts the flag from the response using a regex.

🚩 Flag Capture

Flag

Proof of Execution

/images/PicoGym/PicoCTF-2021/MoreCookies/automated_flag.png
Automated Flag
Screenshot of successful exploitation

🔧 Tools Used

Tool Purpose
Python Exploit

💡 Key Learnings

New Knowledge

I have learned what a bit-flipping attack is.

Skills Improved

  • Binary Exploitation
  • Reverse Engineering
  • Web Exploitation
  • Cryptography
  • Forensics
  • OSINT
  • Miscellaneous

📚 References & Resources

Learning Resources


📊 Final Statistics

Metric Value Notes
Time to Solve 00:16 From start to flag
Global Ranking (At the time of flag submission) Challenge ranking
Points Earned 500 Team contribution

Created: 21-02-2025 • Last Modified: 21-02-2025 • Author: mH4ck3r0n3 • Team: