Empire2

Problem

Well done, Agent 513! Our sources say Evil Empire Co is passing secrets around when you log in: https://2019shell1.picoctf.com/problem/40536/ (link), can you help us find it? or http://2019shell1.picoctf.com:40536

Solution

  1. Create an account and sign in

  2. Use EditThisCookieto get flask session cookie

  3. Use https://www.kirsle.net/wizards/flask-session.cgi to decode the cookie or use Empire3 solution to decode.

Example Cookie

Encoded:

.eJwljzFuwzAMRe-iOQNlSqKUtUBP0F2gKDI10taFbA9FkLtXQLY_vAe8_3DVhu6f7nqMUy-urt1dXYgIzXPPKNIpcwQuzIopIhomgUSYuaeWAaVAQy6tS2mBrHgWxB6RKAH6FgJnZF5iakytZJWF2cBPuEhULMuCgjH7EBQk4iIazV2c7MPqsd31Z_YYK4WQcwxAnRBUzc8WBZPgfcne9w5zTa_zuNddZegxxd9VtreP98d67JXrt9a_7RzVvvhGOVlBo-d0zl3H6zi65z9H6FCp.XaOo9w.vk17n4yNDaVXM9EAfQWOBfycsRc

Decoded:

{
    "_fresh": true,
    "_id": "4530b1ad83ccd78a50a9aae36533f36c06738ad6b803c90b3a9bdc9b47f91ac33d53776031b44a83aa256ba7b98ec2aaf019b49c5e39223c358144e0c532ce5f",
    "csrf_token": "fae744885407d730eef1653e0fc4119811dd0411",
    "dark_secret": "picoCTF{its_a_me_your_flag786f93f7}",
    "user_id": "3"
}

Flag

picoCTF{its_a_me_your_flag786f93f7}

PreviousEmpire1Nextcereal hacker 1

Last updated