Post

RootMe - HTTP Cookies

RootMe challenge walkthrough - HTTP - Cookies

Posted Updated
Preview Image
By Mustafa Eltayeb
1 min read

RootMe – HTTP - Cookies

Mission
Get all emails from Bob.

Analysis

  • There’s a basic script that collects emails from users.
  • Trying to access all emails fails because we are not an admin (access restricted by role).

Solution steps

  1. Open Developer Tools → go to the Application tab → Cookies section.

  2. Look for the cookie that likely controls user role (value is set to visitor).

  3. Edit the cookie value and change it from visitor to admin.
  4. Refresh/reload the page → the restricted content (all emails / password) now appears.

Finished. Happy Hacking! 🔓

Follow me:

Root Me, web server
RootMe CTF Web HTTP Cookies Authentication
This post is licensed under CC BY 4.0 by the author.