Empire3

Problem

Agent 513! One of your dastardly colleagues is laughing very sinisterly! Can you access his todo list and discover his nefarious plans? https://2019shell1.picoctf.com/problem/45132/ (link) or http://2019shell1.picoctf.com:45132

Solution

  1. Create an account and sign in

  2. Use EditThisCookieto get flask session cookie

  3. Create a todo of {{config}} and get the flask SECRET_KEY variable (used for encoding session cookies)

  4. Paste SECRET_KEY into secret_key variable of attached script

  5. Paste flask cookie into regular_user_cookie variable of attached script

  6. Run script to decode cookie and paste into cookie_dict variable

  7. Change "user_id": "x" to "user_id": "2"

  8. Run script again and change cookie to the new cookie

  9. Reload the page and the flag should be given

Example Output

Decoded Cookie:
{'_fresh': True, '_id': '669830bc929eb8755b468ad78734441992a8275815de8e86acaefc907af730c0f014a3c1aebb5c4f81924a9e400164894ab9f21fda058f1542b5d07c5cccc5a3', 'csrf_token': '86c56031ea9ab7555bb9e367a80f6a3bf72a1c59', 'user_id': '3'}

Encoded Cookie For User 2:
.eJwlzzFqBTEMBNC7uE4h2ZIt5TKLpJVICCSw-38VcvdvyHRTDLz5bUddeX-09_a4ntne2vF57jKnygAP7Zoui9lpip1L1iAiVO0mfbEgnykp08KyQmFZrQEBBUg2Ai3dOagEtZNpEgBOEiVzrY51GrAUMnXnE1Zw7LCNDYn7quPx85Xf2yMzeMLANDXfHHbXHHOZQE0bXqsbBuvePe-8_k_09vcCf5o-3g.XaOrlQ.dWJr-X0v22Dhdt0rswb0cvI3lMk

Flag

picoCTF{cookies_are_a_sometimes_food_8038d44f}

Previouscereal hacker 1Nextcereal hacker 2

Last updated