LOTTERY ASIS-CTF-2014 Web-100 writeup

Screenshot from 2014-10-23 18:28:07

This question it the basic of the web challenge if we go to the link given above we usually get a message like this when we visit the page for the first time 🙂

Screenshot from 2014-10-23 21:06:49

As the page says let’s visit the page for the second time 🙂

Screenshot from 2014-10-23 21:11:10

So here comes the lottery which says that we are 2444th visitor and we need to become the 1234567890th visitor to get the lottery also with the clue saying that don’t hack cookies. We should be always doing the thing that we are not supposed to do so let’s try hacking the cookies. But the first thing we need to do when we see a web question is to view the source page of the given question 🙂 but when you see the source page you will understand that there is no other way to find the visitor number except the cookie 🙂

If you not aware what a cookie is find about it

I have a cool tool which is called as “edit this cookie” to edit the cookies you can get it in the chrome store at

if you look at the cookie named Visitor you will see a value like this which is url encoded


for more details about it visit this wiki page of the URL encoding

If you have doubt why we should use the URL encoding this link will give the answer to you

If you decode it using any tool, I use this online tool

The decoded result will be like this


which again seems to be like a base64 encoding if you decode it the output looks like this


2456 seems our number which we visited so if we could change the number to 1234567890 we could win the lottery (get the flag 😀 )
The number after the 2456 is nothing but the md5sum of the number 2456 🙂



is the one we need to make the value of the cookie to base64


and finally we need to encode it with URL encoding which looks like


so if you submit the cookie and refresh the page you get the flag as


Here is the screenshot of the flag 🙂

Screenshot from 2014-10-24 19:13:47


Feel free to comment

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.