Web – Empire2

Empire2 - 450pt

Challenge

Well done, Agent 513! Our sources say Evil Empire Co is passing secrets around when you log in: https://2019shell1.picoctf.com/problem/40536/, can you help us find it? or http://2019shell1.picoctf.com:40536

Hints

Pay attention to the feedback you get
There is very limited filtering in place - this is to stop you from breaking the challenge for yourself, not for you to bypass.
The database gets reverted every 2 hours; if you do break it, just come back later

Solution

First, register and log in. Then create a todo containing {{config}}: the todo list evaluates it as a template expression instead of showing it as text, so the page displays a lot of information about the Flask server's configuration.


Among those values we can see the secret key used to sign cookies, and we learn that picoCTF{your_flag_is_in_another_castle12345678} is not the flag. But maybe the website is giving us a cookie; if we check, we find that there is one.


If we decode it with flask-session-cookie-manager, we find our flag: picoCTF{its_a_me_your_flag786f93f7}
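As an added example (not part of the original write-up), the code below shows why the cookie could be read at all: a Flask session cookie is signed, not encrypted, so its payload decodes without the secret key. The layout is Flask's default; the session contents, timestamp and signature are constructed placeholders, and the helper names are hypothetical.

```python
import base64
import json
import zlib


def b64url_decode(data: str) -> bytes:
    """URL-safe base64 decode, restoring the padding the cookie format strips."""
    return base64.urlsafe_b64decode(data + "=" * (-len(data) % 4))


def b64url_encode(raw: bytes) -> str:
    """URL-safe base64 encode without padding, as used in the cookie."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def read_session_payload(cookie: str) -> dict:
    """Return the JSON payload of a Flask session cookie without verifying it.
    Layout: [.]payload.timestamp.signature ; a leading '.' marks a
    zlib-compressed payload. The signature is ignored on purpose: the key
    protects integrity only, so reading the payload needs no key.
    """
    compressed = cookie.startswith(".")
    if compressed:
        cookie = cookie[1:]
    parts = cookie.split(".")
    if len(parts) != 3:
        raise ValueError("expected payload.timestamp.signature")
    raw = b64url_decode(parts[0])
    if compressed:
        raw = zlib.decompress(raw)
    return json.loads(raw)


def make_sample_cookie(session: dict, compress: bool) -> str:
    """Constructed sample: real layout, placeholder timestamp and signature."""
    raw = json.dumps(session, separators=(",", ":")).encode()
    if compress:
        raw = zlib.compress(raw)
    body = ".".join([b64url_encode(raw), "AAAAAA", "not-a-real-signature"])
    return "." + body if compress else body


# Constructed session contents, not the challenge's real cookie.
SAMPLE = {"user_id": "3", "note": "sample-secret-value"}

if __name__ == "__main__":
    for compress in (False, True):
        print(read_session_payload(make_sample_cookie(SAMPLE, compress)))
```

Anything placed in the default session is therefore visible to the client; secrets belong in server-side storage, with only an opaque identifier in the cookie.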
