DC21 quals # 3dub 01 – badmedicine

URL: http://badmedicine.shallweplayaga.me:8042
Type: cookie tampering
Solution: who wants oatmeal raisin anyways twumpAdby

01. badmedicine

  • if we set the username to phoenix, we obtain:

      success!
      logged in as phoenix
      the key is only for the admin

  • if we set the username to admin, we obtain:

      admin login disabled

Let’s inspect the HTTP headers:

POST /login HTTP/1.1
Host: badmedicine.shallweplayaga.me
Content-Type: application/x-www-form-urlencoded
Content-Length: 12
 
username=CTF
--------------------------------------------------------------------
HTTP/1.1 303 See Other
Date: Mon, 17 Jun 2013 13:44:10 GMT
Location: /welcome
Set-Cookie: username=2bf80e
Transfer-Encoding: chunked
Content-Type: text/plain; charset=utf-8

 
/login seems to encrypt the submitted username, store the result in the username cookie, and then redirect to /welcome.
If the username is ‘admin’, no cookie is set.
 
Let’s try more usernames and look at the generated cookies to see if we can guess the encryption scheme (spaces inserted in the cookie values for readability):

Username   Cookie
aaaaa      09 cd 29 94 af
adaaa      09 c8 29 94 af
admaa      09 c8 25 94 af
admia      09 c8 25 9c af
admin0     09 c8 25 9c a0 1e
admin1     09 c8 25 9c a0 1f

So each character of the username is encrypted independently, depending only on its position, and the cookie value is the hex encoding of the result. The last two lines tell us that the admin cookie value should be 09c8259ca0. Now, to obtain the challenge key, we just have to request the /welcome page with this cookie:

GET /welcome HTTP/1.1
Host: badmedicine.shallweplayaga.me
Cookie: username=09c8259ca0
--------------------------------------------------------------------
HTTP/1.1 200 OK
Date: Mon, 17 Jun 2013 14:21:55 GMT
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
 
f4
<!DOCTYPE html>
<html>
  <head>
    <title>badmedicine</title>
  </head>
  <body>
    <h1>badmedicine</h1>
    <h2>success!</h2>
    <p>logged in as admin</p>
    <p>The key is: who wants oatmeal raisin anyways twumpAdby
</p>
  </body>
</html>

 

Going further

Analysing the encryption scheme more deeply, it seems to be a XOR with an infinite keystream that is the same for every login (maybe a random stream generated from a fixed seed): XORing each username with its cookie yields the same bytes every time:

Username         Cookie                        Username ^ Cookie
aaaaaaaaaaaaaa   09cd2994af4f8644331c87d81da2  68ac48f5ce2ee725527de6b97cc3
DEFCON2013_CTF   2ce90eb68160d515634eb9fa2885  68ac48f5ce2ee725527de6b97cc3
routards_rulez   1ac33d81af5c83560d0f93d519b9  68ac48f5ce2ee725527de6b97cc3

So the admin cookie is 68ac48f5ce ^ "admin" = 09c8259ca0, which matches the value found above by changing one character at a time.
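As an added example (this is not code from the original writeup), the following Python script carries out the keystream recovery described in this section, reproduces the forged-cookie computation from the earlier table, and then shows what the server should have done instead: an HMAC-authenticated cookie. The known username/cookie pair is the one from the table above; the HMAC design, the function names and the server secret (generated on the fly here) are my own assumptions, not the challenge's code.

```python
from typing import Optional
import hashlib
import hmac
import secrets

# Known plaintext/ciphertext pair copied from the table above: the cookie
# the server set for the username "aaaaaaaaaaaaaa".
KNOWN_USERNAME = "aaaaaaaaaaaaaa"
KNOWN_COOKIE = "09cd2994af4f8644331c87d81da2"


def recover_keystream(username: str, cookie_hex: str) -> bytes:
    """Recover the keystream prefix from one username/cookie pair.

    The cookie is username XOR keystream (hex-encoded), so
    keystream = username XOR cookie. Only as many keystream bytes as the
    username has characters are learned; longer names need a longer pair.
    """
    plaintext = username.encode("ascii")
    ciphertext = bytes.fromhex(cookie_hex)
    if len(plaintext) != len(ciphertext):
        raise ValueError("cookie length does not match username length")
    return bytes(p ^ c for p, c in zip(plaintext, ciphertext))


def xor_cookie(username: str, keystream: bytes) -> str:
    """Reproduce the server's cookie for any username covered by the keystream."""
    plaintext = username.encode("ascii")
    if len(plaintext) > len(keystream):
        raise ValueError("not enough keystream recovered for this username")
    return bytes(p ^ k for p, k in zip(plaintext, keystream)).hex()


# The fix (hypothetical, not the challenge server's code): a session cookie
# must be authenticated, not merely obscured. With an HMAC under a
# server-side secret, knowing any number of (username, cookie) pairs gives
# no way to produce a valid cookie for a different username.
SERVER_SECRET = secrets.token_bytes(32)  # constructed here; normally loaded from config


def make_signed_cookie(username: str, secret: bytes = SERVER_SECRET) -> str:
    """Cookie = username + "." + HMAC-SHA256(secret, username) in hex."""
    tag = hmac.new(secret, username.encode("ascii"), hashlib.sha256).hexdigest()
    return f"{username}.{tag}"


def verify_signed_cookie(cookie: str, secret: bytes = SERVER_SECRET) -> Optional[str]:
    """Return the username if the tag is valid, otherwise None."""
    username, sep, tag = cookie.rpartition(".")
    if not sep:
        return None
    expected = hmac.new(secret, username.encode("ascii"), hashlib.sha256).hexdigest()
    # Constant-time comparison so the tag cannot be guessed byte by byte via timing.
    if not hmac.compare_digest(tag, expected):
        return None
    return username


if __name__ == "__main__":
    ks = recover_keystream(KNOWN_USERNAME, KNOWN_COOKIE)
    print("keystream prefix:", ks.hex())                  # 68ac48f5ce2ee725527de6b97cc3
    print("admin cookie    :", xor_cookie("admin", ks))   # 09c8259ca0
    print("DEFCON2013_CTF  :", xor_cookie("DEFCON2013_CTF", ks))

    good = make_signed_cookie("phoenix")
    print("signed cookie   :", good, "->", verify_signed_cookie(good))
    # Splicing phoenix's tag onto a different username no longer works.
    forged = "admin." + good.split(".", 1)[1]
    print("forged cookie   :", forged, "->", verify_signed_cookie(forged))
```

The XOR half shows why the challenge falls: with a keystream reused across sessions, one known pair reveals every cookie position for every user. The HMAC half is the usual remedy for a plain "is this user who they claim to be" cookie; if the cookie must also hide its contents, use an authenticated encryption mode rather than a bare stream cipher.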
 
