12-27-2024, 09:27 AM
For the first side quest:
Working command to create a cookie:
flask-unsign --sign --cookie '{"logged_in": True, "username": "admin"}' --secret '@09JKD0934jd712?djD'
Then set it with session=value to get the keycard.
First+Second question:
Just look at the plaintext HTTP traffic.
Third question:
There are two ELF files uploaded. One of them is https://github.com/creaktive/tsh (found with VirusTotal).
Traffic to/from port 9001 is encrypted TinyShell traffic that we're interested in.
This is a great start to decode it: https://github.com/DisplayGFX/TinyShell-Decoder
The secret is not the default and has to be extracted from the ELF. Just strings should be enough.
I couldn't get it to fully work, but if you focus on messages the attacker sends, you can spot the command
zip -P XXX elves.zip elves.sql
that reveals the password.
Fourth question:
Look at traffic to port 9002 to get the zip file. Use the password from the previous question.
The password is in plaintext in the .sql, no need to crack anything.
Did anyone find the L2 Keycard?
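
Why the cookie command in the post above works, as an added example that is not part of the original post: a Flask session cookie is signed but not encrypted, so its data is readable without the key and its integrity rests entirely on the secret staying private. The sketch assumes Flask's default signer settings (salt "cookie-session", HMAC-SHA1); the secret, cookie values and helper names are constructed for the demo.

```python
import base64, hashlib, hmac, json, zlib

SALT = b"cookie-session"  # Flask's default session salt (assumed unchanged)

def b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def signature(secret: str, signed_part: str) -> str:
    # itsdangerous "hmac" key derivation, then HMAC-SHA1 over "payload.timestamp"
    key = hmac.new(secret.encode(), SALT, hashlib.sha1).digest()
    return b64e(hmac.new(key, signed_part.encode(), hashlib.sha1).digest())

def inspect(cookie: str) -> dict:
    """Read the session data without any key: it is signed, not encrypted."""
    payload = cookie.rsplit(".", 2)[0]
    if payload.startswith("."):            # leading dot marks zlib compression
        return json.loads(zlib.decompress(b64d(payload[1:])))
    return json.loads(b64d(payload))

def verify(cookie: str, secret: str) -> bool:
    """Server-side check: recompute the MAC and compare in constant time."""
    signed_part, _, sig = cookie.rpartition(".")
    return hmac.compare_digest(signature(secret, signed_part), sig)

def build(data: dict, secret: str, ts: int) -> str:
    """Assemble a cookie for the demo below (constructed sample input)."""
    payload = b64e(json.dumps(data, separators=(",", ":")).encode())
    signed_part = payload + "." + b64e(ts.to_bytes(4, "big"))
    return signed_part + "." + signature(secret, signed_part)

# Constructed values, not taken from the challenge.
SECRET = "constructed-demo-secret"
COOKIE = build({"logged_in": False, "username": "guest"}, SECRET, 1735291620)
# Swap in edited data but keep the old timestamp and signature.
_, ts_part, sig_part = COOKIE.rsplit(".", 2)
TAMPERED = ".".join([b64e(b'{"logged_in":true,"username":"admin"}'), ts_part, sig_part])

if __name__ == "__main__":
    print(inspect(COOKIE), verify(COOKIE, SECRET))      # readable, valid
    print(inspect(TAMPERED), verify(TAMPERED, SECRET))  # readable, rejected
    print(verify(COOKIE, "some-other-secret"))          # wrong key, rejected
```

Editing the data without the secret fails verification, which is why a secret that leaks or ships in source has to be rotated and loaded from outside the code base.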