TJCTF2020 - Sarah Palin Fanpage

Posted on Tue 02 June 2020 in CTF

Solves: 505

Points: 35

Written by jpes707

Are you a true fan of Alaska's most famous governor? Visit the Sarah Palin fanpage.



So, we need to have all the likes, but we can't get more than 4 on the website: we get detected as spam. The source code doesn't help to bypass it. But the likes seem to be stored somewhere, and the basic place to look is a cookie.

We found one, named data, but it seems to be encoded.

╰─ printf "eyIxIjpmYWxzZSwiMiI6ZmFsc2UsIjMiOmZhbHNlLCI0IjpmYWxzZSwiNSI6ZmFsc2UsIjYiOnRydWUsIjciOnRydWUsIjgiOnRydWUsIjkiOnRydWUsIjEwIjp0cnVlfQ==" | base64 -d

We can edit it, changing every value from false to true, encode it again, and put it back in the browser:

╰─ printf '{"1":true,"2":true,"3":true,"4":true,"5":true,"6":true,"7":true,"8":true,"9":true,"10":true}' | base64
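Why this edit is accepted, and the server-side fix, as an added example (not code from the challenge or from this write-up): the cookie is only base64-encoded JSON, so nothing binds it to the server, whereas an HMAC tag computed with a server-only key makes the same edit fail verification. SECRET and the function names are hypothetical; the challenge's real server code is not shown on the page.

```python
import base64
import hashlib
import hmac
import json

# Cookie value from the write-up above (base64 of a JSON object).
COOKIE = ("eyIxIjpmYWxzZSwiMiI6ZmFsc2UsIjMiOmZhbHNlLCI0IjpmYWxzZSwiNSI6ZmFsc2Us"
          "IjYiOnRydWUsIjciOnRydWUsIjgiOnRydWUsIjkiOnRydWUsIjEwIjp0cnVlfQ==")

SECRET = b"constructed-demo-key"  # assumption: a key that never leaves the server


def decode_likes(value):
    """Unsigned design: the server trusts whatever state the client sends."""
    return json.loads(base64.b64decode(value))


def _encode(likes):
    raw = json.dumps(likes, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).decode()


def sign(likes):
    """Hardened design: payload, a dot, then an HMAC-SHA256 tag over the payload."""
    payload = _encode(likes)
    tag = hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()
    return payload + "." + tag


def verify(value):
    """Return the likes dict, or None when the payload or tag was modified."""
    payload, _, tag = value.rpartition(".")
    expected = hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return None
    return json.loads(base64.urlsafe_b64decode(payload))


def replay_edit(signed):
    """The edit from the write-up applied to a signed cookie: new payload, old tag."""
    _, _, tag = signed.rpartition(".")
    return _encode({str(i): True for i in range(1, 11)}) + "." + tag


if __name__ == "__main__":
    signed = sign(decode_likes(COOKIE))
    print("untouched cookie:", verify(signed))
    print("edited cookie:   ", verify(replay_edit(signed)))
```

Keeping the like state server-side, keyed by a session identifier, removes the problem entirely; signing is the smallest change that keeps the cookie-based design.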