$ curl -v
*   Trying
* Connected to ( port 80 (#0)
> GET /supreme_leader/ HTTP/1.1
> Host:
> User-Agent: curl/7.47.0
> Accept: */*
< HTTP/1.1 200 OK
< Date: Thu, 02 Mar 2017 15:55:07 GMT
< Server: Apache/2.4.7 (Ubuntu)
< X-Powered-By: PHP/5.5.9-1ubuntu4.20
< Set-Cookie: KimJongUn=2541d938b0a58946090d7abdde0d3890_b8e2e0e422cae4838fb788c891afb44f; expires=Thu, 02-Mar-2017 15:55:17 GMT; Max-Age=10
< Set-Cookie: KimJongUn=TooLateNukesGone; expires=Thu, 02-Mar-2017 15:55:18 GMT; Max-Age=10
< Vary: Accept-Encoding
< Content-Length: 1117
< Content-Type: text/html
    <title>Defense, North Korea</title>
    <link href="https://fonts.googleapis.com/css?family=Open+Sans" rel="stylesheet">
        background-color: #F4D03F;
        font-family: 'Open Sans', sans-serif;
        color: green;
        align: left;
        height: 300px;
        position: absolute;
        top: 120px;
        left: 10px;
        font-size: 5em;
        font-weight: lighter;
    <title>Find Me</title>
    <h2>North Korean Defense&nbsp;</h2>
    <div class="container">
      <p>You are accessing the super secret website of the Department of Defense, North Korea.
         Doing so without the Supreme Leader's consent is a crime and will be dealt with severely.
         Only admins are allowed to access this page after this point.
         All hail the Supreme Leader.
      <img src="http://images.entertainment.ie/images_content/rectangle/620x372/kju20141011228705.jpg" alt="Supreme Cookie" width="500" height="300">
* Connection #0 to host left intact

怪しいcookie KimJongUn=2541d938b0a58946090d7abdde0d3890_b8e2e0e422cae4838fb788c891afb44fがある。 decrypterに投げると以下が判明する。

$ echo -n send | md5sum
2541d938b0a58946090d7abdde0d3890  -
$ echo -n nukes | md5sum
b8e2e0e422cae4838fb788c891afb44f  -

よってflag: pragyanctf{send_nukes}