
# Web/sess.io

We observe that the session IDs are generated from 4-letter blocks of the flag, and 4 letters is not enough to be secure. We can write a PHP script to brute-force all possible 4-letter combinations, as shown below:

```php
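<?php
// The opening lines of this script were lost in extraction: the argument
// check below is reconstructed, and brute_force_seed() is not shown on this page.
if ($argc !== 2) {
    echo "Usage: php " . $argv[0] . " <session_id>\n";
    exit(1);
}

// Session id to crack, taken from the command line.
$target_session_id = $argv[1];
$found_seed = brute_force_seed($target_session_id);

if ($found_seed) {
    echo "[+] Found seed: " . $found_seed . "\n";
} else {
    echo "[-] No matching seed found.\n";
}
?>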
```

We collect all the unique session IDs using a Python script, crack each of them with this brute-force script, and reassemble the results manually to recover the flag.
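To show why a 4-letter input is the weak point, here is an added example (not code from this writeup or from the challenge) that contrasts an ID derived from a 4-letter block with one drawn from a CSPRNG. The SHA-256 derivation, the lowercase alphabet and the sample block are assumptions, since the page does not show how sess.io actually derives its IDs.

```python
import hashlib
import itertools
import math
import secrets
import string

ALPHABET = string.ascii_lowercase  # assumed block alphabet (not from the page)
BLOCK_LEN = 4                      # block size stated in the writeup


def weak_session_id(block: str) -> str:
    """Hypothetical stand-in: the ID is a pure function of a 4-letter block."""
    return hashlib.sha256(block.encode()).hexdigest()


def strong_session_id() -> str:
    """Hardened form: 128 bits from the OS CSPRNG, unrelated to any secret."""
    return secrets.token_hex(16)


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Upper bound on the entropy of a string of `length` symbols."""
    return length * math.log2(alphabet_size)


def recover_block(session_id: str):
    """Walk the entire input space; return the matching block or None."""
    for cand in itertools.product(ALPHABET, repeat=BLOCK_LEN):
        block = "".join(cand)
        if weak_session_id(block) == session_id:
            return block
    return None


if __name__ == "__main__":
    sid = weak_session_id("abcd")  # constructed sample block
    space = len(ALPHABET) ** BLOCK_LEN
    bits = entropy_bits(len(ALPHABET), BLOCK_LEN)
    print(f"weak input space: {space} candidates (~{bits:.1f} bits)")
    print("recovered block :", recover_block(sid))
    print("CSPRNG id       :", strong_session_id(), "(128 bits)")
```

Hashing does not help here: the output is long, but its entropy is capped by the input space, so the fix is to generate IDs from a CSPRNG and never from secret material.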
