CTFtime.org

All about resetting

by hafofu / Hafofu

Rating: 5.0

## challenge

Who can guess my password or.. http://all-about-resetting.ctf2021.hackpack.club

## solve

I have a website

![chal](./images/chal.png)

Have reset password function

![Reset password](./images/reset-password.png)

So, i need a email to reset password, i try inspect home page and have a email `[email protected]`

![Inspect page](./images/inspect-page.png)

I try reset password with mail `[email protected]`.

![[email protected]](./images/[email protected])

Ok, so i need answer `SECURITY QUESTION`

Intercept with bupsuite, i have cookie: `.eJyrVkpLzMyJT84rUbIy0wFyyvKLMktS0_PLUovyEvOSU5WslLITszOLS_KTixKTK5UQakpSE3OBsvk5lbkFmYnJ-cVKtQBeAhyg.YHsccg.WiDP0w4_NiOEhNTIZWfB6HwhVlM`

prefix `.` denotes that it is compressed

![Cookie](./images/cookie.png)

And see server return header `Server: meinheld/1.0.2`, so the website run python.

I try, decompress with python.

```py
import zlib
import base64

j = zlib.decompress(base64.urlsafe_b64decode(b"eJyrVkpLzMyJT84rUbIy0wFyyvKLMktS0_PLUovyEvOSU5WslLITszOLS_KTixKTK5UQakpSE3OBsvk5lbkFmYnJ-cVKtQBeAhyg"))

print(j)
```

Run this, i have result

```
b'{"fail_cnt":6,"favoritegovernance":"kakistocracy","favoriteteam":"olympiacos"}'
```

So, `favoritegovernance is kakistocracy`, this is SECURITY QUESTION .

I submit them, and i got a flag

![Flag](./images/flag.png)

Flag is: `flag{Wh4t_1s_th1s_gov3rn4nc3_!!!}`

Original writeup (https://github.com/manhden/ctf-writeups/blob/master/hackpack/web/All-about-resetting/solve.md).

Comments