Title : Easter eggs is always fun
Actually, this challenge is not what we could call a good challenge. It’s just a little trick we had to find.
The website is as simple as possible, there is just one big button we can click. The other ones leads to nothing. When we try to click on this button, we clearly see that three parameters are sent via GET.
My first thought was to modify these parameters, by trying to set easter to “false”, next to “nogo”, etc. Unfortunately, nothing happened. I also tried other things, like add parameter “previous”, send these parameters with a POST request, delete some parameters, but each try was a fail.
So, let’s think about this challenge a bit. We could win only 200 points with this one, which isn’t huge. I guessed that the trick isn’t hard too. The title talks about easter eggs. After an hour thinking about how to find an easter egg, I had a revealation ! The only easter egg which is easily foundable is… PHP EASTER EGGS !
There are four PHP easter eggs, that we trigger by loading a special PHPSESSID in GET parameter.
What about giving it a try?
As I saw the page loading, I was like “Oh my god, that’s not possible, it couldn’t be THAT !?” Let’s try another easter egg PHPSESSID.
And here is the flag !
To be honest, I disliked this challenge, because it was just a trick to find out.