Empire3
Last updated
Was this helpful?
Last updated
Was this helpful?
Agent 513! One of your dastardly colleagues is laughing very sinisterly! Can you access his todo list and discover his nefarious plans? (link) or
Create an account and sign in
Use EditThisCookieto get flask session cookie
Create a todo of {{config}}
and get the flask SECRET_KEY
variable (used for encoding session cookies)
Paste SECRET_KEY
into secret_key
variable of attached script
Paste flask cookie into regular_user_cookie
variable of attached script
Run script to decode cookie and paste into cookie_dict
variable
Change "user_id": "x"
to "user_id": "2"
Run script again and change cookie to the new cookie
Reload the page and the flag should be given
picoCTF{cookies_are_a_sometimes_food_8038d44f}