Sesame Street

Web Exploitation - Points: 150

Surprisingly, The20thDuck loves cookies! He also has no idea how to use php. He accidentally messed up a cookie so it’s only available on the countdown page… Also why use cookies in the first place?

sesamestreet.web.2019.nactf.com

$ curl 'http://sesamestreet.web.2019.nactf.com/flag.php' -H 'Cookie: session-time=1573712479;'

flag: nactf{c000000000ki3s}