
Google CTF 2016 – Spotted Quoll Writeup

First write-up from: Google CTF 2016

Competition link can be found here:

After turning on dev tools in Chrome I began to look around the simple site. The major thing which stuck out was that by clicking on the ‘Admin’ link I would land on the following page:


While being directed to that page you end up being issued a cookie called ‘ObsoletePickle.’ It appeared to be encoded somehow, so I tried to decode it from base64 and received some useful information.





Going from the hint in this string I looked into ‘python pickles’ and found out it was a form of data serialization commonly used for transmitting data over a network. After messing around with pickles in Python for a while I was able to reverse what string was fed into the Python pickle-creating function and the input looked like this:

{'python': 'pickles', 'subtle': 'hint', 'user': None}

Now that I was able to see it without all of the weird markup I understood that it was, essentially, 3 tuples and the second half of the last tuple was the Null datatype.

Returning to the ‘#err=user_not_found’ from earlier I had an idea of where to go with it. Since the link being clicked was to the ‘Admin’ page I replaced the ‘None’ datatype with the name ‘admin’ and then regenerated the pickle:

{'python': 'pickles', 'subtle': 'hint', 'user': 'admin'}

Once I had the new string, I encoded it to base64 and manually changed my cookie to that value.


I was then able to go to the ‘admin’ page and the cookie was presented!
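
The edited cookie was accepted because nothing in it tied the contents to the server. The sketch below is an added example, not code from the challenge or from the original write-up: it puts that unsigned base64-pickle pattern beside a JSON cookie carrying an HMAC-SHA256 tag, and shows the same `user` edit being rejected. The function names and the `SECRET` value are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json
import pickle

SECRET = b"constructed-demo-key"  # assumption: known only to the server

def issue_unsigned(session):
    # Pattern from the write-up: base64 of a pickle, no integrity check.
    return base64.b64encode(pickle.dumps(session, protocol=0)).decode()

def read_unsigned(cookie):
    # Trusts whatever the client sent back. Unpickling client data is also
    # unsafe in itself; it is here only as the "before" side.
    return pickle.loads(base64.b64decode(cookie))

def _tag(body):
    return hmac.new(SECRET, body, hashlib.sha256).hexdigest().encode()

def issue_signed(session):
    # JSON instead of pickle, plus an HMAC-SHA256 tag over the encoded body.
    body = base64.urlsafe_b64encode(json.dumps(session, sort_keys=True).encode())
    return (body + b"." + _tag(body)).decode()

def read_signed(cookie):
    body, _, tag = cookie.encode().rpartition(b".")
    if not hmac.compare_digest(tag, _tag(body)):
        return None  # modified or unsigned cookie: treat as no session
    return json.loads(base64.urlsafe_b64decode(body))

def demo():
    issued = {"python": "pickles", "subtle": "hint", "user": None}
    edited = dict(issued, user="admin")  # the change made in the write-up

    # Unsigned: the client re-encodes the edited dict and the server accepts it.
    weak = read_unsigned(issue_unsigned(edited))

    # Signed: the client can rebuild the body but not the tag, so it reuses
    # the tag from the cookie it was issued. Verification fails.
    old_tag = issue_signed(issued).rpartition(".")[2]
    new_body = base64.urlsafe_b64encode(json.dumps(edited, sort_keys=True).encode()).decode()
    strong = read_signed(new_body + "." + old_tag)
    return weak, strong, read_signed(issue_signed(issued))

if __name__ == "__main__":
    print(demo())
```

Signing only makes the cookie tamper-evident; keeping the identity in a server-side session and sending the client just a random session ID removes the client-held `user` field altogether.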
