n00bzCTF 2024
Passwordless
The source code is provided:
#!/usr/bin/env python3
from flask import Flask, request, redirect, render_template, render_template_string
import subprocess
import urllib
import uuid

global leet
app = Flask(__name__)
flag = open('/flag.txt').read()
# Fixed namespace UUID, visible to anyone who has the source
leet=uuid.UUID('13371337-1337-1337-1337-133713371337')

@app.route('/',methods=['GET','POST'])
def main():
    global username
    if request.method == 'GET':
        return render_template('index.html')
    elif request.method == 'POST':
        username = request.values['username']
        # Only the login form refuses the admin name
        if username == 'admin123':
            return 'Stop trying to act like you are the admin!'
        uid = uuid.uuid5(leet,username) # super secure!
        return redirect(f'/{uid}')

@app.route('/<uid>')
def user_page(uid):
    # The page is selected by the uid in the URL alone
    if uid != str(uuid.uuid5(leet,'admin123')):
        return f'Welcome! No flag for you :('
    else:
        return flag

if __name__ == '__main__':
    app.run(host='0.0.0.0', port=1337)
The uid depends only on the UUID and the username.
Compute the uid to get the URL.
Visit it to get the flag.
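Why the uid offers no protection, as an added example that is not part of the original writeup or the challenge code: uuid5 is only a SHA-1 hash of the namespace and the name, so it contains no secret. The SessionStore class is a hypothetical hardened sketch that assumes the user has already been authenticated by some other means.

```python
import hashlib
import secrets
import uuid
from typing import Optional

# Namespace hard-coded in the challenge source above.
LEET = uuid.UUID('13371337-1337-1337-1337-133713371337')


def uuid5_by_hand(namespace: uuid.UUID, name: str) -> uuid.UUID:
    """Rebuild uuid5 per RFC 4122: SHA-1(namespace bytes + name), truncated to 16 bytes."""
    digest = hashlib.sha1(namespace.bytes + name.encode('utf-8')).digest()
    return uuid.UUID(bytes=digest[:16], version=5)


def weak_page_id(username: str) -> str:
    """The challenge's scheme: the page id is a pure function of public inputs."""
    return str(uuid.uuid5(LEET, username))


class SessionStore:
    """Hypothetical hardened variant: random ids, identity looked up server-side."""

    def __init__(self) -> None:
        self._sessions = {}  # token -> username

    def login(self, username: str) -> str:
        # Assumption: the caller has already verified the user's credentials.
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._sessions[token] = username
        return token

    def user_for(self, token: str) -> Optional[str]:
        # Unknown or derived values map to no user at all.
        return self._sessions.get(token)


if __name__ == '__main__':
    # Sample usernames below are constructed for the demonstration.
    print(weak_page_id('alice') == str(uuid5_by_hand(LEET, 'alice')))
    store = SessionStore()
    print(store.login('alice') != store.login('alice'))
```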
LIT CTF
anti-inspect
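Didn't read the hint; opening the link crashed.. and I was still wondering why it wouldn't open..
Send a request to the challenge link.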
jwt-1
The hint says it is related to the token, and on top of that there is jwt.
Get the token.
Change false to true and save the token.
jwt-2
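Try the old method first.
It turns out to be the flag from the previous challenge.
View the source code.
Forge a token to bypass the check.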