In this challenge we are asked to pet a dog several times in a very short period (only a few seconds) to get the flag.
The first thing to do is to look at the resources used when the page is loaded.
We can see that there is a call to a file called "petminlol.js", but the code seems to be obfuscated. So, Let’s reverse it to make it readable.
After a few minutes I found a function called “detectPet”, which makes a call to "ajax.php?=flag" so I decided to craft a CURL request to this endpoint.
And it worked! We could get the flag by directly requesting this endpoint.