Advent Of Cyber 3 - Day 2

Posted on Dec 2, 2021
tl;dr: Cookie manipulation

Good rooms from where information about HTTP and Cookies can be found:

Todays challenge, static site on: Best Festival Monitoring

register an account: user: test mail: pass:testing123

when trying to create an account, a warning about we’re not allowed to create an account yet pops up: thm-aoc-day2

a cookie is created, called: user-auth


with some default values like Domain, HostOnly and such.

type of encoding on the value: Hexadecimal

{company: "The Best Festival Company", isregistered:"True", username:"test"}

it’s stored in object format: JSON

Use Cyberchef to create a new hex-value for, so we change the “username” to “admin” instead of “test”.

resulting value for the cookie:


manipulate the “value” portion in the browser for the user-auth cookie and refresh the webpage.

The team environment that isn’t responding is: HR

Team environment with network warning: Application