Connect from the gateway to the website to answer the question.

Gateway connection information: ssh -p 666 pass: iop Website connection information: http://webcook/

Show us your mastery of BASH and WEB!

Fast and Hungry!

FLAG format: FLAG{PenTh1um2_1s_4_devil}

Author: Penthium2 (BZHack)

Connecting to the gateway via SSH, I start by making a simple curl request to observe the behavior :

curl http://webcook/

<!DOCTYPE html>
    <title>Quiz cook</title>
    <h1>Quiz cook</h1>
    <form action="/check_answer" method="post">
        <div>quel est le nom de l&#39;asso en minuscule qui organise ce CTF ?<p>donnez la réponse en md5</p></div>
        <input type="text" name="answer" placeholder="Réponse">
        <button type="submit">Vérifier</button><br>
        <p>Vous avez 2sec</p>

In view of the information returned, I decide to make a POST request and send the desired response :

curl -X POST http://webcook/check_answer -d 'answer=b1fee1d5fe5e03b8d8bccf115cbbc94a'

The server sends me back the value Invalid cookie or answer but I am sure of the answer, I then check the headers of the site :

curl -I http://webcook/

HTTP/1.0 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 436
Vary: Cookie
Set-Cookie: session=eyJfcGVybWFuZW50Ijp0cnVlLCJmbGFnNGFsbCI6ImZsYWc0YWxsXzY3MzIifQ.ZTU01A.xRvRVX1sTUnFChABbj_TEKHg5PQ; Expires=Sun, 22-Oct-2023 14:42:30 GMT; HttpOnly; Path=/
Server: Werkzeug/1.0.1 Python/3.9.2
Date: Sun, 22 Oct 2023 14:42:28 GMT

I see that the session cookie expires after 2 seconds :

Date: Sun, 22 Oct 2023 14:42:28 GMT
Expires=Sun, 22-Oct-2023 14:42:30 GMT

Finally, I retrieve the value of the session cookie via a first request that I send as a parameter to my curl request :

cookie=$(curl -I http://webcook/ 2>/dev/null | grep 'session' | awk '{print $2}' | sed 's/;$//g') && curl -X POST http://webcook/check_answer -d 'answer=b1fee1d5fe5e03b8d8bccf115cbbc94a' -b "$cookie"

Flag: FLAG{curl_Lov3_C0Ok1eS}