[CTF.SG'22] Don't Touch My Flag
Don’t Touch my Flag (CTF.SG 2022)

Understanding how the website works

Get Function

First, the index function calls /get. The get function sends a request to the url, with the secret as a cookie. Keep this in mind, as we’ll need the secret to get the flag. Lastly, it censors the response by converting everything into *.
[CTF.SG'22] Wildest Dreams Pt 2
Wildest Dreams Pt. 2 (CTF.SG 2022)

1989.php

A quick look through the source code of this file shows that the flag is revealed once md5(i1) == md5(i2).
The only requirements for i1 and i2 are that they must not be the same and that each must be more than 15 characters long.
In PHP, two strings that both match the regular expression 0+e[0-9]+ compare as equal under ==, because the loose comparison treats both as numbers in scientific notation and zero times any power of ten is zero. Thus, strings such as 0e69 and 0e12 return true when compared with each other.
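The comparison behaviour described above, next to two checks that do not have it. This is an added example, not code from the original writeup or from 1989.php; the function names are hypothetical and the digest-shaped strings are constructed, not computed from any input.

```php
<?php
// Constructed, digest-shaped sample values (32 characters each).
// $a and $b are "0e" followed only by decimal digits; $c ends in a hex letter.
$a = '0e' . str_repeat('1', 30);
$b = '0e' . str_repeat('7', 30);
$c = '0e' . str_repeat('1', 29) . 'f';

// Loose check, the same shape as md5(i1) == md5(i2) on the page.
// When both operands are numeric strings, PHP compares them as numbers.
function loose_match(string $x, string $y): bool
{
    return $x == $y;
}

// Strict check: same type and same bytes, no numeric conversion.
function strict_match(string $x, string $y): bool
{
    return $x === $y;
}

// String-only comparison that also runs in constant time; the usual
// choice when one side is a secret digest or token.
function safe_match(string $x, string $y): bool
{
    return hash_equals($x, $y);
}

$cases = [
    'all-digit tail vs all-digit tail' => [$a, $b],
    'all-digit tail vs tail with hex letter' => [$a, $c],
    'identical strings' => [$a, $a],
];

foreach ($cases as $label => [$x, $y]) {
    printf(
        "%-40s loose=%s strict=%s hash_equals=%s\n",
        $label,
        var_export(loose_match($x, $y), true),
        var_export(strict_match($x, $y), true),
        var_export(safe_match($x, $y), true)
    );
}
```

The second case shows the boundary: a digest containing any hex letter after the 0e prefix is not a numeric string, so == falls back to a plain string comparison for it.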