What's up, YouTube? This is another video write-up for the challenge Fortune Cookie from CodeFest CTF 2018. Stupid challenge frontier. It's just giving us a website. We want to figure out how we can get the secret behind there, and we can go ahead and proceed to it. The website, all it says to us is "You're not authorized for this information." Whatever. View the source: nothing interesting in there. That kind of sucks. Low-hanging fruit here: robots.txt doesn't give us anything. That's not real. We can pass it to Nikto, but it won't give us anything. Nothing particularly useful.

So what I ended up doing was opening up the dev tools in the web browser here, and I just checked the Network tab. I went ahead and refreshed the page so I could actually get that request here. And I'll try and blow this up so you can see a little bit more. But as we actually examine that request, it looks like we are actually getting a cookie set with the value, or the variable name, "who are you", or at least the name of the cookie is "who are you", the value being "me", and it expires immediately at the time that we actually end up setting it: Max-Age zero. So I don't actually see it when I look at my cookies here.

So I'm actually using Cookie Editor, or EditThisCookie. It's a Google Chrome extension. But knowing that we have that cookie supposedly being set, let's go ahead and set a value, or create a cookie "who are you", and let's just call it, like, "please sub". I don't know if it'll be anything other than admin that will work for us, but whatever. Let's change it to admin and see if it'll actually be okay. If I go ahead and refresh this page, it does give us the flag, just like that. So pretty dumb, pretty stupid, whatever. Simple, simple challenge. Just kind of exploring and poking around.

Let's go ahead and create a get flag script for this as well. Don't know why I had an extra Y there. Let's get the URL. So I can /usr/bin/python, get our shebang line going.
I'm going to use the requests module, which if you don't have installed you can sudo pip install. If you don't have pip, you can sudo apt-get install pip. And then let's just go ahead and create a GET request here with that URL. Let's say cookies can equal a dictionary for values, "who are you", and then set it to the string "admin". So we can just save that as r, print r.text. And just like that, we should be able to get the flag. Super easy, super simple. Mark that as executable. Mark this challenge complete. And we are done, just like that.

So thank you guys for watching. Super quick, super simple. Not that difficult of a challenge, just doing your own recon and enumeration for the web challenge.

Special shout-out to the best people in the world that love me on Patreon. Thank you guys so much. I cannot say thank you enough for your support. One dollar or more on Patreon a month will give you a special shout-out just like this, I mean, every video. Five dollars or more on Patreon will give you early access to everything that's released on YouTube before it goes live, because I normally record in bulk and then gradually upload to YouTube, and they'll be released, etc., etc. So if you want the content right when it's hot, five dollars a month is the best way to do that, and it really helps me put food on the table.

If you did like this video, please do like, comment and subscribe, but join our Discord server, link in the description. It's a cool community of CTF players, programmers and hackers. If you want to hang out with me and other awesome people, best place to do that. We'll be tackling ICTF and Nox CTF and other upcoming games as a team. So if you want to hang out with friends, that's the cool place. Great. See you guys in the next video. Love you. It's not, not in the weird way.
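The flaw behind the challenge in the walkthrough above is a server that authorizes on a raw client-supplied cookie value. The following is an added example, not code from the video or the challenge: it puts that check beside a hardened one that only accepts values carrying a server-computed HMAC. The cookie name `whoareyou` is a placeholder for the cookie the speaker calls "who are you", and all function names are hypothetical.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Assumption: the transcript does not spell the cookie name exactly;
# "whoareyou" stands in for the cookie the speaker calls "who are you".
COOKIE_NAME = "whoareyou"
# Server-side secret. Generated per process here; load it from a secret store in practice.
SECRET_KEY = secrets.token_bytes(32)


def is_admin_vulnerable(cookies: dict) -> bool:
    """Flawed pattern: the authorization decision rests on a value the client controls."""
    return cookies.get(COOKIE_NAME) == "admin"


def _tag(role: str) -> str:
    """HMAC-SHA256 over the role, computable only with the server's key."""
    return hmac.new(SECRET_KEY, role.encode(), hashlib.sha256).hexdigest()


def issue_cookie(role: str) -> str:
    """Value the server sets after authenticating the user: '<role>.<tag>'."""
    return f"{role}.{_tag(role)}"


def role_from_cookie(cookies: dict) -> Optional[str]:
    """Return the role only when the tag verifies; None for missing or edited values."""
    raw = cookies.get(COOKIE_NAME, "")
    role, sep, tag = raw.rpartition(".")
    if not sep:
        return None  # no tag at all, e.g. a bare "admin"
    # Compare as bytes in constant time; bytes also tolerate non-ASCII input.
    if not hmac.compare_digest(tag.encode(), _tag(role).encode()):
        return None
    return role


def is_admin_hardened(cookies: dict) -> bool:
    return role_from_cookie(cookies) == "admin"
```

A signed role is the minimum that stops a client from minting its own privilege; keeping the role in a server-side session keyed by a random ID avoids putting it in the cookie at all.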