🌐 Words Mean Something?

A detailed write-up of the Web challenge 'Words Mean Something?' from RingZer0 CTF

[Image: Challenge Presentation]

📊 Challenge Overview

| Category | Details | Additional Info |
|---|---|---|
| 🏆 Event | RingZer0 CTF | Event Link |
| 🔰 Category | Web 🌐 | |
| 💎 Points | 1 | Out of 1 total |
| ⭐ Difficulty | 🟢 Easy | Personal Rating: 0/10 |
| 👤 Author | Mr.Un1k0d3r | Profile |
| 🎮 Solves (At the time of flag submission) | 3.588 | solve rate |
| 📅 Date | 06-03-2025 | RingZer0 CTF |
| 🦾 Solved By | mH4ck3r0n3 | Team: |

🎯 Challenge Files & Infrastructure

Provided Files

Files: None

🔍 Initial Analysis

First Steps

Initially, the website appears as follows:

[Image: Site Presentation]

I then decided to inspect the page source, but I didn’t find anything interesting. Next, I decided to take a look at the cookies.

[Image: Cookies]

I found a strange flag cookie with the value 0… Let’s move on to the exploitation phase.

🎯 Solution Path

Exploitation Steps

Exploitation

The procedure seems quite obvious… By setting the value of the flag cookie to 1 and refreshing the page with F5, I was able to obtain the flag.
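Why the edit works and what a server-side fix looks like, as an added example (not code from the challenge or its author): a check that trusts the raw `flag` cookie next to one that only accepts a value carrying a server-issued HMAC tag. The handler functions, `SERVER_KEY` and the `sess-A` session id are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from http.cookies import SimpleCookie

# Assumption: a per-deployment secret that never leaves the server.
SERVER_KEY = secrets.token_bytes(32)


def parse_cookies(header: str) -> dict:
    """Parse a Cookie request header into a name -> value mapping."""
    jar = SimpleCookie()
    jar.load(header)
    return {name: morsel.value for name, morsel in jar.items()}


def naive_is_authorized(cookie_header: str) -> bool:
    """Weak pattern: the browser-supplied value *is* the access decision."""
    return parse_cookies(cookie_header).get("flag") == "1"


def sign(value: str, session_id: str) -> str:
    """Server-side only: bind the value to one session with an HMAC tag."""
    msg = f"{session_id}|{value}".encode()
    tag = hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()
    return f"{value}.{tag}"


def hardened_is_authorized(cookie_header: str, session_id: str) -> bool:
    """Accept the cookie only if its tag verifies for this session."""
    raw = parse_cookies(cookie_header).get("flag", "")
    value, sep, tag = raw.partition(".")
    if not sep:
        return False  # unsigned value such as a bare "1"
    expected = sign(value, session_id).partition(".")[2]
    # Constant-time comparison; bytes avoid a TypeError on non-ASCII input.
    return hmac.compare_digest(tag.encode(), expected.encode()) and value == "1"


if __name__ == "__main__":
    issued = "flag=" + sign("0", "sess-A")      # constructed sample session
    edited = issued.replace("flag=0.", "flag=1.")
    print(naive_is_authorized("flag=1"))                # True
    print(hardened_is_authorized(edited, "sess-A"))     # False
```

Keeping the state in a server-side session store and sending the browser only an opaque session id removes the problem without any signing.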

Flag capture

[Image: Manual Flag]

🛠️ Exploitation Process

Approach

The automatic exploit performs exactly the same procedure as the manual one, sending a request with the flag=1 cookie and extracting the flag from the response using a regex. (I also tried adding automatic submission, but the CSRF token was updating with every request, and using a simple session from Python requests wasn’t enough to handle it.)

🚩 Flag Capture

Flag

Proof of Execution

[Image: Automated Flag. Screenshot of successful exploitation]

🔧 Tools Used

| Tool | Purpose |
|---|---|
| Python | Exploit |

💡 Key Learnings

Time Optimization

  • Always inspect the page source of every page, the cookies, etc…

Skills Improved

  • Binary Exploitation
  • Reverse Engineering
  • Web Exploitation
  • Cryptography
  • Forensics
  • OSINT
  • Miscellaneous

📊 Final Statistics

| Metric | Value | Notes |
|---|---|---|
| Time to Solve | 00:02 | From start to flag |
| Global Ranking (At the time of flag submission) | 23845/51296 | Challenge ranking |
| Points Earned | 1 | Team contribution |

Created: 06-03-2025 • Last Modified: 06-03-2025 • Author: mH4ck3r0n3 • Team: