Problem: Who doesn’t love cookies? Try to figure out the best one. http://mercury.picoctf.net:54219/
Solution:
So messing with the page you can enter ‘snickerdoodle’ into the search. It will take you to the check page which tells you the cookie isnt that imporant/special. Looking at the cookies you see name=0
so checking you can notice the name can be set to 1 which gives a different cookie type and no flag yet. Moving through it to find the flag will take a while so lets use curl.
Loop through a set of numbers setting the name cookie to some number and then grep’ing to find the flag.
for ((i=1;i<=100;i++)); do curl -H "Cookie: name=$i;" "http://mercury.picoctf.net:54219/check"; done | grep picoCTF{
Flag: picoCTF{3v3ry1_l0v3s_c00k135_96cdadfd}