Empire2 - 450pt
Challenge
Well done, Agent 513! Our sources say Evil Empire Co is passing secrets around when you log in: https://2019shell1.picoctf.com/problem/40536/ or http://2019shell1.picoctf.com:40536. Can you help us find it?
Hints
Pay attention to the feedback you get
There is very limited filtering in place - this is to stop you from breaking the challenge for yourself, not for you to bypass.
The database gets reverted every 2 hours; if you do break it, just come back later.
Solution
First, register and log in. Then create a todo whose text is {{config}}: the todo list renders that Jinja2 expression server-side (a template injection), so the page dumps the Flask application's configuration.
The dump includes SECRET_KEY, the key Flask uses to sign session cookies, and a decoy flag, picoCTF{your_flag_is_in_another_castle12345678}, which is not the real one. Since the site is "passing secrets around when you log in", the next place to look is the cookie the site sets after login, and checking the browser's cookies shows that there is one.
Decoding that session cookie with flask-session-cookie-manager reveals the real flag: picoCTF{its_a_me_your_flag786f93f7}
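Why the cookie gave up the flag, and why the leaked SECRET_KEY matters, comes down to how Flask session cookies are built: the payload is only signed, not encrypted, and the HMAC is the sole integrity check. The stdlib-only code below is an added example (not part of this writeup or of Flask/itsdangerous) that mirrors Flask's default scheme (itsdangerous URLSafeTimedSerializer, salt "cookie-session", HMAC-SHA1, "hmac" key derivation); the secret key and session contents are constructed placeholders.

```python
import base64
import hashlib
import hmac
import json
import time
import zlib
from typing import Optional

SALT = b"cookie-session"  # Flask's default session salt


def _b64e(raw: bytes) -> bytes:
    return base64.urlsafe_b64encode(raw).rstrip(b"=")


def _b64d(text: bytes) -> bytes:
    return base64.urlsafe_b64decode(text + b"=" * (-len(text) % 4))


def _derive_key(secret: bytes) -> bytes:
    # itsdangerous key_derivation="hmac": HMAC-SHA1(secret, salt)
    return hmac.new(secret, SALT, hashlib.sha1).digest()


def sign_session(secret: bytes, data: dict, ts: Optional[int] = None) -> bytes:
    """Build payload.timestamp.signature exactly as Flask's session interface does."""
    body = _b64e(json.dumps(data, separators=(",", ":")).encode())  # uncompressed form
    ts = int(time.time()) if ts is None else ts  # itsdangerous < 2.0 subtracted 1293840000
    value = body + b"." + _b64e(ts.to_bytes((ts.bit_length() + 7) // 8 or 1, "big"))
    sig = hmac.new(_derive_key(secret), value, hashlib.sha1).digest()
    return value + b"." + _b64e(sig)


def peek_payload(cookie: bytes) -> dict:
    """Read the session contents WITHOUT any key: the payload is public."""
    compressed = cookie.startswith(b".")  # Flask zlib-compresses large payloads
    body = (cookie[1:] if compressed else cookie).split(b".")[0]
    raw = zlib.decompress(_b64d(body)) if compressed else _b64d(body)
    return json.loads(raw)


def verify(secret: bytes, cookie: bytes) -> Optional[dict]:
    """Return the session dict if the HMAC matches this secret, else None."""
    value, _, sig = cookie.rpartition(b".")
    expected = hmac.new(_derive_key(secret), value, hashlib.sha1).digest()
    if not hmac.compare_digest(expected, _b64d(sig)):
        return None
    return peek_payload(cookie)
```

The takeaway for the defender: anything placed in session[...] is readable by the client, and the only thing standing between a user and a forged session is SECRET_KEY, so it must never be reachable from rendered templates.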