NetOn CTF 2021 - Picnicnic

Web – 222 pts (20 solves) – Chall author: eljoselillo7

Simple cookie trail containing base64 encoded pieces of the flag.



Upon visiting the given website we are greeted with four appetising pictures of some cookies. Yum! However, there is a fifth. If we inspect the page (F-12) and check the ‘Storage’ tab we see another cookie, named ‘flag’ with the value ‘TkVUT057MHV’. This looks a lot like base64 encoding, and indeed we find


However, this is only a part of the flag… Deleting our cookie and refreshing the connection just gives us the same cookie. What about visiting through curl and sending this cookie with us. (Or setting the cookie value in your browser through inspect.)

$ curl -v --cookie "flag=TkVUT057MHV"

Remember to use the verbose option ‘-v’ in order to see the cookie information.

Suddenly, our cookie value has changed! In fact, we can do this process four times to find all four pieces of the flag.

In base64 encoding


which gives us the flag