So here’s my writeup for the CrikeyCon 2017 CTF challenge called “Koala Gallery”, written by this awesome guy called… ME! 🙂
Now… I’m no expert (clearly), but that looks like some sort of custom cookie. The value looks like an MD5 hash.
And if we keep requesting the page, we get a different cookie each time, but then we seem to start to get some which are the same as a previous cookie. After a while, we end up building a list of about 10 cookies, and sometimes we get one of these more than once.
I just decoded 2 there, but we can see… they seem to decode to some names. If you were to decode the rest, you’d find more names.
Ahhhh, so each cookie seems to correspond to a bear in the gallery. If you kept collecting cookies, you’d end up with an MD5 cookie matching the name of each bear in the gallery.
Droppy! As you can see, he kinda stands out a bit more than the rest of the bears in the gallery. But we never get him as a cookie… why not?
Our flag! Winner winner, chicken dinner 🙂
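To make the weakness concrete, here is an added example (not code from the challenge itself) showing why a cookie that is just the MD5 of a bear's name can be mapped back to the name by anyone, next to a keyed HMAC cookie that cannot be produced without the server's secret. The names other than Droppy, the function names and the cookie layout are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample names; only "Droppy" appears in the writeup.
GALLERY = ["Bluey", "Matilda", "Droppy"]


def weak_cookie(name: str) -> str:
    """Scheme as the writeup describes it: the cookie value is MD5(name)."""
    return hashlib.md5(name.encode()).hexdigest()


def recover_names(cookies, candidates):
    """Map observed cookie values back to names by hashing each candidate.

    Unsalted MD5 of a short, guessable string has no secret input, so a
    lookup table over candidate names is all that is needed.
    """
    table = {weak_cookie(c): c for c in candidates}
    return {cookie: table.get(cookie) for cookie in cookies}


# Hypothetical server-side secret, never sent to the client.
SERVER_KEY = secrets.token_bytes(32)


def signed_cookie(name: str, key: bytes = SERVER_KEY) -> str:
    """Hardened form: the name plus an HMAC-SHA256 tag keyed by the server."""
    tag = hmac.new(key, name.encode(), hashlib.sha256).hexdigest()
    return f"{name}.{tag}"


def verify_signed_cookie(value: str, key: bytes = SERVER_KEY):
    """Return the name if the tag verifies, otherwise None."""
    name, _, tag = value.rpartition(".")
    if not name:
        return None
    expected = hmac.new(key, name.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison on bytes avoids timing leaks and type errors.
    if hmac.compare_digest(tag.encode(), expected.encode()):
        return name
    return None
```

With the signed form, the server decides which names it will ever issue a cookie for, and a value computed on the client without the key fails verification.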