🌐 Cookie Monster Secret Recipe

A detailed write-up of the Web challenge 'Cookie Monster Secret Recipe' from PicoCTF - 2025

mH4ck3r0n3 Ethical Hacking/CTFs/Jeopardy/PicoCTF-2025/Web Exploitation

17/03/2025 350 words 2 minutes

Contents

/images/PicoCTF-2025/Web/CookieMonsterSecretRecipe/challenge_presentation.png — Challenge Presentation

📊 Challenge Overview

Category Details Additional Info

🏆 Event PicoCTF - 2025 Event Link

🔰 Category Web 🌐

💎 Points 50 Out of 500 total

⭐ Difficulty 🟢 Easy Personal Rating: 0/10

👤 Author Brhane Giday and Prince Niyonshuti N. Profile

🎮 Solves (At the time of flag submission) 3.498 solve rate

📅 Date 10-03-2025 PicoCTF - 2025

🦾 Solved By mH4ck3r0n3 Team:

Category	Details	Additional Info
🏆 Event	PicoCTF - 2025	Event Link
🔰 Category	Web	🌐
💎 Points	50	Out of 500 total
⭐ Difficulty	🟢 Easy	Personal Rating: 0/10
👤 Author	Brhane Giday and Prince Niyonshuti N.	Profile
🎮 Solves (At the time of flag submission)	3.498	solve rate
📅 Date	10-03-2025	PicoCTF - 2025
🦾 Solved By	mH4ck3r0n3	Team:

📝 Challenge Information

Cookie Monster has hidden his top-secret cookie recipe somewhere on his website. As an aspiring cookie detective, your mission is to uncover this delectable secret. Can you outsmart Cookie Monster and find the hidden recipe? You can access the Cookie Monster here and good luck

🎯 Challenge Files & Infrastructure

Provided Files

1

Files: None

🔍 Initial Analysis

First Steps

Initially, the website appears as follows:

Site Presentation

On the login screen, when trying to enter username=admin&password=admin, you are redirected to a page where it says that credentials are not needed, only the cookies are required. So, I immediately decided to inspect them:

Login

As we can see, they appear to be base64 encoded.

🎯 Solution Path

Exploitation Steps

Exploitation

I immediately tried to decode it using bash (even though there were two URL-encoded characters %3D, it should work the same, and they can be removed or replaced with =):
1
echo; echo cGljb0NURntjMDBrMWVfbTBuc3Rlcl9sMHZlc19jMDBraWVzXzc3MUQ1RUIwfQ%3D%3D | base64 -d  
By doing this, I found the flag.

Flag capture

Manual Flag

🛠️ Exploitation Process

Approach

The automated exploit performs exactly the steps done manually: it sends a POST request to the /login.php page and then extracts the cookies and decodes them.

Exploit

🚩 Flag Capture

Flag

picoCTF{c00k1e_m0nster_l0ves_c00kies_771D5EB0}

Proof of Execution

Automated Flag

Screenshot of successful exploitation

🔧 Tools Used

Tool Purpose

Python Exploit

WebDevTools Web Testing

Tool	Purpose
Python	Exploit
WebDevTools	Web Testing

💡 Key Learnings

Skills Improved

Binary Exploitation

Reverse Engineering

Web Exploitation

Cryptography

Forensics

OSINT

Miscellaneous

📊 Final Statistics

Metric	Value	Notes
Time to Solve	00:00	From start to flag
Global Ranking (At the time of flag submission)	3655/8327	Challenge ranking
Points Earned	50	Team contribution

Created: 10-03-2025 • Last Modified: 10-03-2025 *Author: mH4ck3r0n3 • Team: *