ASIS-CTF Finals 2014 - Lottery (100pts) writeup

The challenge description was: Go here: http://asis-ctf.ir:12437

It's a site related to betting/lottery and we are greeted with this message:

The 1234567890 th visitor, the prize awarded.
Anyone who has visited our site is the 1234567890 th Special prizes are awarded. 
Welcome, It seems that you are visiting our website first time :)
Sorry, visit our again later :(

Apparently we need to be the 1234567890th visitor to win the big prize. Let's refresh the page and see if the message is the same:

The 1234567890 th visitor, the prize awarded.
Anyone who has visited our site is the 1234567890 th Special prizes are awarded. 
You have visited us already 
You are the 2280 visitor
Don't hack cookies, we are alive :)

Well, OK, that's a pretty big hint. Checking the cookies, we have the following:

Visitor = MTM3OTpiYWQ1ZjMzNzgwYzQyZjI1ODg4NzhhOWQwNzQwNTA4Mw%3D%3D

This looks like a base64-encoded string:

mrt:~/asis/how_much$ echo "MjI4MDpkYzE2NjIyZGRjNzY3ZTZiYzEyMDBmZTVkZjJmYmRmYg==" | base64 --decode
2280:dc16622ddc767e6bc1200fe5df2fbdfb

We have our current visitor number and what seems to be an MD5 hash next to it. Let's check if the MD5 is just the hash of the visitor number:

mrt:~/asis/how_much$ echo -n "2280" | md5sum -
dc16622ddc767e6bc1200fe5df2fbdfb -

It is. We just have to set the visitor number we want, create an MD5 hash of it, and set that value as our new cookie:

mrt:~/asis/how_much$ echo -n "1234567890:e807f1fcf82d132f9bb018ca6738a19f" | base64
MTIzNDU2Nzg5MDplODA3ZjFmY2Y4MmQxMzJmOWJiMDE4Y2E2NzM4YTE5Zg==

After setting the URL-encoded value as our cookie, we get this message:

The 1234567890 th visitor, the prize awarded.
Anyone who has visited our site is the 1234567890 th Special prizes are awarded. 
the flag is: ASIS_9f1af649f25108144fc38a01f8767c0c

We got our flag:

ASIS_9f1af649f25108144fc38a01f8767c0c
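
The root cause is that the cookie's integrity tag is an unkeyed MD5 of the visitor number, so the client can recompute it for any number. The sketch below is an added example, not code from the challenge server or the original writeup: it models that check beside an HMAC-based one. SERVER_KEY, all function names and the layout of the hardened cookie are assumptions.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote, unquote

SERVER_KEY = b"constructed-demo-key"  # assumption: secret held only by the server


def encode_cookie(n, tag):
    # Layout from the writeup: base64("<number>:<tag>"), then URL-encoded.
    return quote(base64.b64encode(f"{n}:{tag}".encode()).decode())


def split_cookie(cookie):
    # Returns (number, tag) as strings, or (None, None) for malformed input.
    try:
        raw = base64.b64decode(unquote(cookie), validate=True).decode("ascii")
        n, tag = raw.split(":", 1)
    except ValueError:  # covers bad base64, non-ASCII bytes, missing ":"
        return None, None
    return (n, tag) if n.isdigit() else (None, None)


def weak_issue(n):
    return encode_cookie(n, hashlib.md5(str(n).encode()).hexdigest())


def weak_verify(cookie):
    # Unkeyed check as described in the writeup: the tag depends only on the
    # number, so a client that edits the number can recompute a matching tag.
    n, tag = split_cookie(cookie)
    if n is None:
        return None
    return int(n) if hashlib.md5(n.encode()).hexdigest() == tag else None


def strong_issue(n):
    tag = hmac.new(SERVER_KEY, str(n).encode(), hashlib.sha256).hexdigest()
    return encode_cookie(n, tag)


def strong_verify(cookie):
    # Keyed check: the tag cannot be recomputed without SERVER_KEY.
    n, tag = split_cookie(cookie)
    if n is None:
        return None
    expected = hmac.new(SERVER_KEY, n.encode(), hashlib.sha256).hexdigest()
    return int(n) if hmac.compare_digest(expected, tag) else None
```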