PicoCTF-2019 Writeup
  • HHousen PicoCTF-2019 Writeup
  • Binary Exploitation
    • L1im1tL355
    • messy-malloc
    • OverFlow 2
    • CanaRy
    • NewOverFlow-1
    • NewOverFlow-2
    • sice_cream
    • seed-sPRiNG
    • leap-frog
    • GoT
    • rop64
    • rop32
    • Ghost_Diary
    • zero_to_hero
    • Challenge Name
    • Heap overflow
    • slippery-shellcode
    • AfterLife
    • SecondLife
    • stringzz
  • Cryptography
    • la cifra de
    • b00tl3gRSA2
    • b00tl3gRSA3
    • AES-ABC
    • john_pollard
    • b00tl3gRSA2
    • waves over lambda
  • Forensics
    • What Lies Within
    • m00nwalk
    • shark on wire 1
    • shark on wire 2
    • Glory of the Garden
    • pastaAAA
    • Investigative Reversing 0
    • Investigative Reversing 1
    • extensions
    • investigation_encoded_1
    • Investigative Reversing 2
    • investigation_encoded_2
    • Investigative Reversing 3
    • like1000
    • Investigative Reversing 4
    • WebNet0
    • B1g_Mac
    • m00nwalk 2
    • WebNet1
    • WhitePages
    • So Meta
    • c0rrupt
  • Web Exploitation
    • Java Script Kiddie 2
    • Empire1
    • Empire2
    • cereal hacker 1
    • Empire3
    • cereal hacker 2
    • Java Script Kiddie
    • JaWT Scratchpad
    • Irish-Name-Repo 1
    • Irish-Name-Repo 2
    • Irish-Name-Repo 3
  • Reverse Engineering
    • Time's Up, Again!
    • Forky
    • droids0
    • Challenge Name
    • droids1
    • droids2
    • droids3
    • reverse_cipher
    • droids4
    • B1ll_Gat35
    • Time's Up
    • Time's Up, For the Last Time!
    • asm1
    • asm2
    • asm3
    • asm4
  • Challenge Name
Powered by GitBook
On this page
  • Problem
  • Solution
  • Example Cookie
  • Flag

Was this helpful?

Edit on Git
  1. Web Exploitation

Empire2

PreviousEmpire1Nextcereal hacker 1

Last updated 4 years ago

Was this helpful?

Problem

Well done, Agent 513! Our sources say Evil Empire Co is passing secrets around when you log in: (link), can you help us find it? or

Solution

  1. Create an account and sign in

  2. Use EditThisCookieto get flask session cookie

  3. Use to decode the cookie or use Empire3 solution to decode.

Example Cookie

Encoded:

.eJwljzFuwzAMRe-iOQNlSqKUtUBP0F2gKDI10taFbA9FkLtXQLY_vAe8_3DVhu6f7nqMUy-urt1dXYgIzXPPKNIpcwQuzIopIhomgUSYuaeWAaVAQy6tS2mBrHgWxB6RKAH6FgJnZF5iakytZJWF2cBPuEhULMuCgjH7EBQk4iIazV2c7MPqsd31Z_YYK4WQcwxAnRBUzc8WBZPgfcne9w5zTa_zuNddZegxxd9VtreP98d67JXrt9a_7RzVvvhGOVlBo-d0zl3H6zi65z9H6FCp.XaOo9w.vk17n4yNDaVXM9EAfQWOBfycsRc

Decoded:

{
    "_fresh": true,
    "_id": "4530b1ad83ccd78a50a9aae36533f36c06738ad6b803c90b3a9bdc9b47f91ac33d53776031b44a83aa256ba7b98ec2aaf019b49c5e39223c358144e0c532ce5f",
    "csrf_token": "fae744885407d730eef1653e0fc4119811dd0411",
    "dark_secret": "picoCTF{its_a_me_your_flag786f93f7}",
    "user_id": "3"
}

Flag

picoCTF{its_a_me_your_flag786f93f7}

https://2019shell1.picoctf.com/problem/40536/
http://2019shell1.picoctf.com:40536
Website
https://www.kirsle.net/wizards/flask-session.cgi