From 124fd7181359323502fce4b6967a46734843bf9d Mon Sep 17 00:00:00 2001
From: "Toerd@archlinux" <philipg@posteo.de>
Date: Thu, 14 Jan 2021 21:21:59 +0100
Subject: [PATCH] Next challenge complete

---
 247ctf/miscellaneous/hidden_painting/paint.py | 13 +++++++++++++
 247ctf/web/secure_session/answer.org          |  5 +++++
 2 files changed, 18 insertions(+)
 create mode 100755 247ctf/miscellaneous/hidden_painting/paint.py
 create mode 100644 247ctf/web/secure_session/answer.org

diff --git a/247ctf/miscellaneous/hidden_painting/paint.py b/247ctf/miscellaneous/hidden_painting/paint.py
new file mode 100755
index 0000000..26976dc
--- /dev/null
+++ b/247ctf/miscellaneous/hidden_painting/paint.py
@@ -0,0 +1,13 @@
+#!/bin/python
+from PIL import Image, ImageColor
+
+im = Image.new('1', (4000,4000), 'white')
+
+with open('secret_map.txt', 'r') as f:
+    while (cl := f.readline()):
+        painting = cl.split(" ", 1)
+        im.putpixel((int(painting[1], 16),int(painting[0], 16)), ImageColor.getcolor('black', '1'))
+
+im.save('maybe.png')
+
+# 247CTF{0c895fb57954df7f83756e1f7718e661}
\ No newline at end of file
diff --git a/247ctf/web/secure_session/answer.org b/247ctf/web/secure_session/answer.org
new file mode 100644
index 0000000..c2992e6
--- /dev/null
+++ b/247ctf/web/secure_session/answer.org
@@ -0,0 +1,5 @@
+- To get the flag, trigger the population of the flag into the session var of flask.
+- For that to happen go to https://7675753c5dfaee11.247ctf.com/flag?secret_key=xxxx
+- Now go to the web inspector and get the session cookie value
+- reverse base64 encodeing two times in a row
+- done