Posted on by and filed under ASIS 2014.

Challenge

For this challenge, you visit the website http://asis-ctf.ir:12437/. At the website, there is a basic message about being a specific visitor to win the prize:

Awarded the prize

After checking the cookies, there is a specific value that is written:

This value ends with the entity %3D, which is =, meaning that the value is base64. After decoding, we get the following string:

The second part appears to be MD5, so after hashing the first value, we can firm that it indeed is MD5 of the first value. Change the first value to 1234567890 as requested for this challenge and append :MD5(1234567890), and base64 encode the total value to get the final cookie value:

This reveals the flag: