Upon visiting the Wawacoin website, we are given a session cookie which at first glance appears to be signed:
session=757365723d64656d6f|9183ff6055a46981f2f71cd36430ed3d9cbf6861
The session cookie is composed of two parts delimited by a pipe (|) character.
The first part is URL-encoded form data, hex-encoded. It decodes to user=demo, implying we are logged in as a low-privilege user.
The signature is the second part and uses an unknown algorithm. Its length (40 hex characters, i.e. 20 bytes) matches the length of a SHA-1 digest. To protect the integrity of the session data, the signature should be generated with HMAC-SHA1 under a secret key; without knowing the key, it would be impossible to alter the session data.
Because the session data is represented as URL-encoded form data, it makes me believe the signature is not an HMAC. I hypothesized that the signature is the hash of the session data prefixed with a secret key (i.e. signature = SHA1(secret + session data)).
This signature scheme is vulnerable to a length extension attack. Given a valid signature, it is possible to extend the session data by appending an arbitrary string at the end while also generating a valid signature for the extended data, without knowing the secret. Because the session is encoded as form data, appending &user=admin could make it possible to escalate to an admin account.
This hypothesis turned out to be right. The following Python script was used to generate a valid signature for the session data user=demo[...]&user=admin (the [...] being the SHA-1 padding bytes that the extension inserts). Upon requesting the page with the forged session cookie, we are greeted with the flag.
import requests
from hashpumpy import hashpump

url = 'http://wawacoin.challs.malice.fr/manager'
data = bytes.fromhex('757365723d64656d6f')                # decodes to b'user=demo'
signature = '9183ff6055a46981f2f71cd36430ed3d9cbf6861'    # the SHA-1-sized signature from the cookie

# hashpump(hex_digest, original_data, data_to_append, secret_length) -> (new_hex_digest, new_data)
# The secret length is not known; 16 bytes was the guess that worked.
forged_sig, forged_sess = hashpump(signature, data, '&user=admin', 16)

# Rebuild the cookie in the server's format: hex(session data) | signature
session = forged_sess.hex() + '|' + forged_sig
print(requests.get(url, cookies={'session': session}, allow_redirects=False).content)
# <h1>Congratz. You stole all my BaitCoins. The flag is <b>NDH{c7774051db4b8...}</b>.</h1>
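To make explicit why SHA1(secret + data) can be extended while the HMAC construction recommended above cannot, here is an added, self-contained example. It is not the author's script and not the challenge server's code: it implements SHA-1 so that the compression function can be resumed from a published digest, rebuilds the same forged cookie hashpump produces, and then checks it against a verifier using the weak scheme and one using HMAC-SHA1. The secret value, the 16-byte secret length and the "last duplicate key wins" form parser are assumptions; the page does not show the server side.

```python
import hashlib
import hmac
import os
import struct

SHA1_IV = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0)


def _rol(x, n):
    return ((x << n) | (x >> (32 - n))) & 0xFFFFFFFF


def sha1_padding(msg_len):
    """Merkle-Damgard padding SHA-1 appends to a msg_len-byte message."""
    return b'\x80' + b'\x00' * ((55 - msg_len) % 64) + struct.pack('>Q', msg_len * 8)


def sha1_from_state(data, state, prior_len):
    """SHA-1 over `data`, continuing from `state` as if prior_len bytes (a multiple
    of 64) had already been absorbed. With SHA1_IV and prior_len=0 it is plain SHA-1.
    The digest *is* the internal state, which is the whole reason extension works."""
    h = list(state)
    msg = data + sha1_padding(prior_len + len(data))
    for off in range(0, len(msg), 64):
        w = list(struct.unpack('>16I', msg[off:off + 64]))
        for i in range(16, 80):
            w.append(_rol(w[i - 3] ^ w[i - 8] ^ w[i - 14] ^ w[i - 16], 1))
        a, b, c, d, e = h
        for i in range(80):
            if i < 20:
                f, k = (b & c) | (~b & d), 0x5A827999
            elif i < 40:
                f, k = b ^ c ^ d, 0x6ED9EBA1
            elif i < 60:
                f, k = (b & c) | (b & d) | (c & d), 0x8F1BBCDC
            else:
                f, k = b ^ c ^ d, 0xCA62C1D6
            a, b, c, d, e = (_rol(a, 5) + f + e + k + w[i]) & 0xFFFFFFFF, a, _rol(b, 30), c, d
        h = [(x + y) & 0xFFFFFFFF for x, y in zip(h, (a, b, c, d, e))]
    return struct.pack('>5I', *h)


def self_check():
    """Cross-check the pure-Python SHA-1 against hashlib on inputs spanning block boundaries."""
    return all(sha1_from_state(m, SHA1_IV, 0) == hashlib.sha1(m).digest()
               for m in (b'', b'abc', b'a' * 55, b'a' * 56, b'a' * 64, b'x' * 200))


# The weak scheme the writeup hypothesises, and the HMAC scheme it recommends.
def sign_weak(secret, data):
    return hashlib.sha1(secret + data).hexdigest()


def sign_hmac(secret, data):
    return hmac.new(secret, data, hashlib.sha1).hexdigest()


def verify(sign, secret, data, sig):
    return hmac.compare_digest(sign(secret, data), sig)


def extend(sig_hex, data, extension, secret_len):
    """What hashpump does: from SHA1(secret + data) and only the secret's *length*, produce a
    valid SHA1(secret + data + glue + extension), glue being the padding the first hash added."""
    glue = sha1_padding(secret_len + len(data))
    state = struct.unpack('>5I', bytes.fromhex(sig_hex))
    absorbed = secret_len + len(data) + len(glue)   # bytes already hashed, a multiple of 64
    return sha1_from_state(extension, state, absorbed).hex(), data + glue + extension


def parse_session(raw):
    """Assumed server-side parser (not shown on the page): a naive split where a repeated
    key overwrites the earlier value, which is why '&user=admin' beats 'user=demo'."""
    fields = {}
    for pair in raw.split(b'&'):
        key, _, value = pair.partition(b'=')
        fields[key.decode('latin-1')] = value.decode('latin-1')
    return fields


def demo(secret=None, secret_len=16):
    """Forge the cookie without the secret, then test it against both verifiers."""
    secret = secret if secret is not None else os.urandom(secret_len)   # constructed secret
    data = b'user=demo'                    # the decoded first half of the page's cookie
    weak_sig = sign_weak(secret, data)     # what a weak server hands out
    forged_sig, forged_data = extend(weak_sig, data, b'&user=admin', len(secret))
    # Apply the same trick to an HMAC tag: the outer hash hides the inner state, so it fails.
    bad_sig, _ = extend(sign_hmac(secret, data), data, b'&user=admin', len(secret))
    return {
        'cookie': forged_data.hex() + '|' + forged_sig,
        'parsed_user': parse_session(forged_data)['user'],
        'weak_accepts': verify(sign_weak, secret, forged_data, forged_sig),
        'hmac_accepts': verify(sign_hmac, secret, forged_data, bad_sig),
    }


if __name__ == '__main__':
    assert self_check()
    for key, value in demo().items():
        print(f'{key}: {value}')
```

The forged cookie's hex begins with 757365723d64656d6f80, the original user=demo followed by the 0x80 padding byte, which is the [...] in the writeup's user=demo[...]&user=admin. The fix on the server side is the one the text names: sign with hmac.new(secret, data, hashlib.sha1) and compare with hmac.compare_digest; an extended HMAC tag never verifies because the attacker cannot resume the outer hash.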