We understand that the service is doing XOR encryption. We connect to it and thee that there is the encrypted flag and that we can encrypt anything we want.

```
$ nc cha.hackpack.club 41715
Welcome to CryptoKid's Hall of MirrXors!
Here is BASE64(ENC(FLAG, SESSION_KEY)) => bwHJ1+IUTxTLWyYalXkyC3m5B4lRj+4BerJ3S/WxWj4kKbbqdx/M6nh8bCE+C0ZjJJc9hKHMPSTwUQ==
Wanna guess what FLAG is? qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
Here is BASE64(ENC(GUESS, SESSION_KEY)) => eBzZwegLDhGXXj9YyWVzCXzlR5VQjKwDePJwCamwRw9kNrOofhqQ7Xxhc30tD0M/Io582LP9PmbyXXgc2cHoCw4Rl14/WMllcwl85UeVUIysA3jy
How'd you do??
```

We have a known clear text attack on a XOR encryption. We just need to XOR the encoded flag to our encrypted plain text qqqqqq… then XOR it again with our clear plain text. Here is the Cyber Chef recipe that give us the flag: flag{n0t-th3-m0st-1mpr3ss1v3-pl@1nt3xt-vuln-but-wh0-c@r3s}.