BlueHat CTF — Q29VA2LL

I had the chance to play the Bluehat CTF this year made by Jonathan Bar Or. This blog will discuss the way I solved the webchallenge Q29VA2LL. I’ve written up some other challenges here.

To solve this challenge we need to gain access to the Q29VA2LL page. When you tried to visit the page in a browser, you got the error message below:

Looking at the request through a proxy, I noticed that there was an “is_authorized” cookie in the server response which was set to false. I changed the cookie value to true and got the flag!

I’ve written up some other challenges here: https://medium.com/@jpg.inc.au/bluehat-2018-ctf-ef63c48c3a7a