Statement:
Connect from the gateway to the website to answer the question.
Gateway connection information: ssh -p 666 the_gate@bash-hell.flag4all.sh pass: iop
Website connection information: http://webcook/
Show us your mastery of BASH and WEB!
Fast and Hungry!
FLAG format: FLAG{PenTh1um2_1s_4_devil}
Author: Penthium2 (BZHack)
After connecting to the gateway over SSH, I start with a simple curl request to observe the site's behavior:
curl http://webcook/
<!DOCTYPE html>
<html>
<head>
<title>Quiz cook</title>
</head>
<body>
<h1>Quiz cook</h1>
<form action="/check_answer" method="post">
<div>quel est le nom de l'asso en minuscule qui organise ce CTF ?<p>donnez la réponse en md5</p></div>
<input type="text" name="answer" placeholder="Réponse">
<button type="submit">Vérifier</button><br>
<p>Vous avez 2sec</p>
</form>
</body>
</html>
Based on the form returned, I send a POST request to /check_answer with the expected answer:
curl -X POST http://webcook/check_answer -d 'answer=b1fee1d5fe5e03b8d8bccf115cbbc94a'
The server replies with "Invalid cookie or answer". Since I am sure of the answer, I then check the site's response headers:
curl -I http://webcook/
HTTP/1.0 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 436
Vary: Cookie
Set-Cookie: session=eyJfcGVybWFuZW50Ijp0cnVlLCJmbGFnNGFsbCI6ImZsYWc0YWxsXzY3MzIifQ.ZTU01A.xRvRVX1sTUnFChABbj_TEKHg5PQ; Expires=Sun, 22-Oct-2023 14:42:30 GMT; HttpOnly; Path=/
Server: Werkzeug/1.0.1 Python/3.9.2
Date: Sun, 22 Oct 2023 14:42:28 GMT
I see that the session cookie expires after 2 seconds:
Date: Sun, 22 Oct 2023 14:42:28 GMT
Expires=Sun, 22-Oct-2023 14:42:30 GMT
Finally, I retrieve the value of the session cookie with a first request and pass it to the POST request with curl's -b option, all within the 2-second window:
cookie=$(curl -I http://webcook/ 2>/dev/null | grep 'session' | awk '{print $2}' | sed 's/;$//g') && curl -X POST http://webcook/check_answer -d 'answer=b1fee1d5fe5e03b8d8bccf115cbbc94a' -b "$cookie"
Flag: FLAG{curl_Lov3_C0Ok1eS}
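Why the answer alone is rejected, as an added example that is not part of the original write-up: this script decodes the session cookie from the headers captured above. It assumes the cookie uses the Flask/itsdangerous `payload.timestamp.signature` layout, which the Werkzeug `Server` header suggests but the page does not confirm; the function names are hypothetical.

```shell
#!/bin/sh
# Response headers copied from the `curl -I http://webcook/` output above.
HEADERS='HTTP/1.0 200 OK
Vary: Cookie
Set-Cookie: session=eyJfcGVybWFuZW50Ijp0cnVlLCJmbGFnNGFsbCI6ImZsYWc0YWxsXzY3MzIifQ.ZTU01A.xRvRVX1sTUnFChABbj_TEKHg5PQ; Expires=Sun, 22-Oct-2023 14:42:30 GMT; HttpOnly; Path=/
Server: Werkzeug/1.0.1 Python/3.9.2
Date: Sun, 22 Oct 2023 14:42:28 GMT'

# Extract the raw value of the "session" cookie from response headers.
session_value() (
  printf '%s\n' "$1" | tr -d '\r' |
    sed -n 's/^Set-Cookie: session=\([^;]*\).*/\1/p'
)

# Decode unpadded URL-safe base64 (the alphabet used in the cookie fields).
b64url_decode() (
  s=$(printf '%s' "$1" | tr '_-' '/+')
  while [ $(( ${#s} % 4 )) -ne 0 ]; do s="$s="; done
  printf '%s' "$s" | base64 -d
)

# Field 1: JSON payload. It is signed, not encrypted, so it is readable.
# (Assumes an uncompressed payload, i.e. no leading "." on the cookie.)
session_payload() (
  b64url_decode "$(session_value "$1" | cut -d. -f1)"
)

# Field 2: big-endian Unix time at which the server signed the cookie.
session_signed_at() (
  hex=$(b64url_decode "$(session_value "$1" | cut -d. -f2)" |
    od -An -tx1 | tr -d ' \n')
  echo $(( 0x$hex ))
)

echo "payload:   $(session_payload "$HEADERS")"
echo "signed at: $(session_signed_at "$HEADERS") (Unix time)"
```

The payload holds a per-session value (`flag4all`) and the signing time equals the `Date` header, 14:42:28 GMT, so the answer has to be posted together with a cookie issued less than 2 seconds earlier.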