Defcon 19 CTF Prequals – PP300

The challenge

Pwtent Pwnables 300 was a webpage containing three images, a YouTube movie and a clock countdown implemented in Javascript. We were able to pull some weird strings from the images like ‘is reddit netsec uber enough to play a game’ and something like a hash. We thought it would have something to do with the reddit netsec website but at this point we got stuck.

After closer inspecting the HTTP packets we noticed the server was running Ruby on WEBrick and a Set-Cookie header was set.
Requesting the index page gave us the following Cookie:
{Read More}