[Pentester Academy] Web Application Security Challenge 11

This Challenge was one of the good challenges i have seen on this site till now.
below is the snip when i first time visited the page…

 there is cookie value over here ….when i forwarded the request the response set the cookie with field s1,s2,s3,s4,s5 to some values and when i again requested the page s1,s2,s3,s4,s5 values change to something else

what i find is that s3 value have only first two digits different than any other s3 value …rest all digits of s3 are same.
so then i used Burp intruder with first two digits of s3 as payload