09 November 2014

Delicious! - 60

You have found the administrative control panel for the Daedalus Coperation Website: https://web2014.picoctf.com/delicious-5850932/login.php. Unfortunately, it requires that you be logged in. Can you find a way to convince the web site that you are, in fact, logged in?
This problem requires a cookie editor extension, and the best browser to solve this problem with would be Chrome, since it has good cookie editing extensions. I installed two cookie editing extensions for Chrome: (1) EditThisCookie and (2) Cookie Inspector.

You don't have to install both extensions, or even those extensions in specific, but I still did because of reasons.

After installing the extensions, open the administrative control panel link. It says that I'm not logged in because there are too many people that are logged in.

Now's the part where the cookie editors come in. Right-click and press 'Inspect Element'. Click on the 'EditThisCookie' pane. There should be 9 columns, and under the 'Value' column it should have the number 67.

Click on it and enter any number. When you're finished, refresh the page and keep entering different numbers until you reach this page:

The number I put in was '21'. The flag is session_cookies_are_the_most_delicious