Description:
North Korea reportedly has a bioweapon in the making. Hack into their database and steal it.
For the second web challenge we’re given with a URL, lets open it.
Cute Kim 🙂
Now let’d dump the headers of the response using curl:
Megabeets$ curl -D - http://139.59.62.216/supreme_leader/ HTTP/1.1 200 OK Date: Sun, 05 Mar 2017 08:47:14 GMT Server: Apache/2.4.7 (Ubuntu) X-Powered-By: PHP/5.5.9-1ubuntu4.20 Set-Cookie: KimJongUn=2541d938b0a58946090d7abdde0d3890_b8e2e0e422cae4838fb788c891afb44f; expires=Sun, 05-Mar-2017 08:47:24 GMT; Max-Age=10 Set-Cookie: KimJongUn=TooLateNukesGone; expires=Sun, 05-Mar-2017 08:47:25 GMT; Max-Age=10 Vary: Accept-Encoding Content-Length: 1117 Content-Type: text/html
We can see an interesting cookie:Â Â KimJongUn=2541d938b0a58946090d7abdde0d3890_b8e2e0e422cae4838fb788c891afb44f. The value of the cookie is looking like 2 MD5 hashes combined with “_”. Let’s try to crack them online using my favorite site.
That’s it! Here is the flag:Â pragyanctf{send_nukes}
Eat Veggies