PicoCTF - Biscuit
Your friend has a personal website. Fortunately for you, he is a bit of a noob when it comes to hosting a website. Can you find out what he is hiding?
Let's view the source.
That's some pretty obvious stuff here. Let's jump to the private directory, and download the cookies.sqlite.
Now we have to try and extract the cookies from the file.
Great! It's working. Now we can view the tables existing in this database, and then extract the password.
One last step would be editing our cookies using EditThisCookie extension.
And lastly reload the page.
And we have another flag to collect.