n00bzCTF 2024

Posted by Yolololololo on 2024-09-07

n00bzCTF 2024

Passwordless

The source code is provided:

#!/usr/bin/env python3
from flask import Flask, request, redirect, render_template, render_template_string
import subprocess
import urllib
import uuid
global leet

app = Flask(__name__)
flag = open('/flag.txt').read()
leet=uuid.UUID('13371337-1337-1337-1337-133713371337')

@app.route('/',methods=['GET','POST'])
def main():
    global username
    if request.method == 'GET':
        return render_template('index.html')
    elif request.method == 'POST':
        username = request.values['username']
        if username == 'admin123':
            return 'Stop trying to act like you are the admin!'
        uid = uuid.uuid5(leet,username) # super secure!
        return redirect(f'/{uid}')

@app.route('/<uid>')
def user_page(uid):
    if uid != str(uuid.uuid5(leet,'admin123')):
        return f'Welcome! No flag for you :('
    else:
        return flag

if __name__ == '__main__':
    app.run(host='0.0.0.0', port=1337)

The uid depends only on the hard-coded namespace UUID and the username.

Compute the uid to get the URL.

Visit it to get the flag.
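Why this works, and one way to close it, as an added example that is not part of the original writeup or the challenge's code: UUIDv5 is an unkeyed SHA-1 over the namespace and the name, so the page id can be recomputed by anyone who has the source. `SERVER_KEY`, `keyed_page_id` and `is_admin_page` are hypothetical names for a keyed alternative, and the `guest` username is constructed sample input.

```python
import hashlib
import hmac
import secrets
import uuid

# Namespace hard-coded in the challenge source above, so it is public.
LEET = uuid.UUID('13371337-1337-1337-1337-133713371337')

# Assumption for the hardened variant: a per-deployment secret, never in the source.
SERVER_KEY = secrets.token_bytes(32)


def uuid5_by_hand(namespace, name):
    """UUIDv5 (RFC 4122): SHA-1 over namespace bytes + name; no secret is involved."""
    digest = hashlib.sha1(namespace.bytes + name.encode('utf-8')).digest()
    return uuid.UUID(bytes=digest[:16], version=5)


def weak_page_id(username):
    """The challenge's scheme: the page id is a pure function of public inputs."""
    return str(uuid.uuid5(LEET, username))


def keyed_page_id(username, key=SERVER_KEY):
    """Hardened variant: the same derivation idea, keyed with a server secret."""
    return hmac.new(key, username.encode('utf-8'), hashlib.sha256).hexdigest()


def is_admin_page(page_id, key=SERVER_KEY):
    """Constant-time comparison against the keyed id for the privileged name."""
    expected = keyed_page_id('admin123', key)
    return hmac.compare_digest(page_id.encode('utf-8'), expected.encode('utf-8'))


if __name__ == '__main__':
    # The weak id is reproducible from the source code alone.
    print(weak_page_id('guest') == str(uuid5_by_hand(LEET, 'guest')))
    # Without SERVER_KEY, an id built from a guessed key is rejected.
    print(is_admin_page(keyed_page_id('admin123', key=b'guess')))
```

With the keyed id, the POST handler's refusal to issue an id for `admin123` becomes meaningful, because the id can no longer be computed offline.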

LIT CTF

anti-inspect

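I didn't read the hint, opened the link, and it crashed... I was still wondering why it wouldn't open.

Send a request to the challenge link.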


jwt-1

The hint says it is related to the token, and the challenge name adds jwt.

Get the token.


Change false to true and save the token.


jwt-2


Try the old method first.


It turns out to be the flag from the previous challenge.

View the source code.


Forge a token to bypass the check.


traversed
