picoCTF Web Exploitation Guide

Here's how to solve Cookie Monster Secret Recipe


Cookie Monster Secret Recipe

Name: Cookie Monster Secret Recipe
Description: Cookie Monster has hidden his top-secret cookie recipe somewhere on his website. As an aspiring cookie detective, your mission is to uncover this delectable secret. Can you outsmart Cookie Monster and find the hidden recipe? You can access the Cookie Monster here and good luck
Author: Brhane Giday and Prince Niyonshuti N.
Tags: Easy, Web Exploitation, picoCTF 2025, browser_webshell_solvable
Challenge from: picoCTF 2025
Hints:
1. Sometimes, the most important information is hidden in plain sight. Have you checked all parts of the webpage?
2. Cookies aren't just for eating - they're also used in web technologies!
3. Web browsers often have tools that can help you inspect various aspects of a webpage, including things you can't see directly.

Theory

According to the description and the hints, to get the flag we have to retrieve a cookie that the Cookie Monster site stores in the browser. So let's go to the webpage.

Solution

So we'll open the website:

Oh, a login. I really don't know what the credentials might be, so let's just put in admin and hit enter:

Okay, that makes total sense: they don't need us to log in, they just like cookies so much that they risked their entire system's security just for cookie liking. Great. So now let's go to the cookies, and yup, there is something here:

That looks like Base64, so let's decode it with the website I always use:

BASE64 DECODE (Base64Decode.com)

INPUT: cGljb0NURntjMDBrMWVfbTBuc3Rlcl9sMHZlc19jMDBraWVzXzZDMkZCN0YzfQ==

OUTPUT: picoCTF{c00k1e_m0nster_l0ves_c00kies_6C2FB7F3}

There we go! That's the flag.
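
The same check can be done offline instead of pasting the value into a website. The script below is an added example, not part of the original write-up or the challenge: it parses Set-Cookie headers and reports every cookie whose value is plain Base64 of readable text, which is also how a site owner could audit their own cookies for data that is only encoded, not protected. The cookie name secret_recipe, the session_id cookie and the percent-encoded padding are constructed assumptions; the Base64 string is the one shown above.

```python
import base64
import binascii
from http.cookies import SimpleCookie
from urllib.parse import unquote

# Constructed sample headers. The cookie names are assumptions; the Base64
# value is the one from this write-up, with "==" percent-encoded as %3D%3D.
SAMPLE_SET_COOKIE = [
    "session_id=8f2c1a9e; Path=/; HttpOnly",
    "secret_recipe=cGljb0NURntjMDBrMWVfbTBuc3Rlcl9sMHZlc19jMDBraWVzXzZDMkZCN0YzfQ%3D%3D; Path=/",
]


def try_base64(value):
    """Return decoded text if value is valid Base64 of printable ASCII, else None."""
    raw = unquote(value)                      # undo percent-encoding (%3D -> =)
    if len(raw) < 8 or len(raw) % 4 != 0:     # skip short or unpadded values
        return None
    try:
        decoded = base64.b64decode(raw, validate=True)
        text = decoded.decode("ascii")
    except (binascii.Error, ValueError):      # not Base64, or not ASCII text
        return None
    # Random tokens often pass the Base64 alphabet check but decode to binary.
    return text if text.isprintable() else None


def audit_set_cookie(headers):
    """Map cookie name -> decoded plaintext for cookies that are only Base64-encoded."""
    findings = {}
    for header in headers:
        jar = SimpleCookie()
        jar.load(header)                      # parses name, value and attributes
        for name, morsel in jar.items():
            text = try_base64(morsel.value)
            if text is not None:
                findings[name] = text
    return findings


if __name__ == "__main__":
    for name, text in audit_set_cookie(SAMPLE_SET_COOKIE).items():
        print(f"{name}: {text}")
```

Any cookie this reports is readable by whoever holds the browser, because Base64 is an encoding and not encryption.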

I rated this level as "good"! :3


https://play.picoctf.org/practice/challenge/469