[email protected]
Search…
Exploit/CVE PoC
Hacking Report (HTB)
Penetration Testing Checklists
Red Team (Windows)
Exploitation Guide
Offensive Security Lab & Exam
P.W.N. University - CTF 2018
https://uni.hctf.fun/
Thinking out of the box
No advanced programming technique is required to solve the following CTF problem
JavaScript
1
var http = require('http');
2
const crypto = require('crypto');
3
var url = require('url');
4
var fs = require('fs');
5
​
6
var _0x86d1=["\x68\x65\x78","\x72\x61\x6E\x64\x6F\x6D\x42\x79\x74\x65\x73"];
7
​
8
function generatePart1() {
9
return
10
{
11
x: crypto[_0x86d1[1]](8)
12
​
13
}[x].toString(_0x86d1[0]);
14
}
15
function generatePart2() {
16
return [+!+[]]+[!+[]+!+[]+!+[]]+[!+[]+!+[]+!+[]]+[!+[]+!+[]+!+[]+!+[]+!+[]+!+[]+!+[]];
17
}
18
​
19
http.createServer(function (req, res) {
20
res.writeHead(200, {'Content-Type': 'text/html'});
21
passwd = generatePart1() + generatePart2();
22
var url_content = url.parse(req.url, true);
23
​
24
if (passwd == url_content.query.passwd) {
25
res.write(fs.readFileSync('flag.txt', 'utf8'));
26
} else {
27
res.write('<html><body><form method="get"><input type="text" name="passwd" value="password"><input type="submit" value="login" /></form></body></html>');
28
}
29
res.end();
30
}).listen(8888);
Copied!
Python
1
from flask import Flask, request, send_from_directory
2
​
3
app = Flask(__name__)
4
​
5
passwd = open("/opt/passwd.txt").read()
6
flag = open("/opt/flag.txt").read()
7
​
8
​
9
@app.route('/')
10
def index():
11
userpw = request.args.get("passwd", "")
12
if userpw == passwd:
13
return flag, 200, {"Content-Type": "text/plain"}
14
else:
15
return '<html><body><form method="get"><input type="text" name="passwd" value="password"><input type="submit" value="login" /></form></body></html>'
16
​
17
​
18
if __name__ == '__main__':
19
assert(len(passwd) == 3)
20
assert(passwd.isdigit())
21
app.run()
22
​
Copied!
​
Last modified 1yr ago
Copy link