404Unfound
  • Writeups
  • Members
  • Tags
  • CTFs
  • Authors
  • Writeups
  • Members
  • Tags
  • CTFs
  • Authors
[CTF.SG'22] Don't Touch My Flag
Don’t Touch my Flag (CTF.SG 2022) Understanding how the website works Get Function Firstly, from the index function, we see that it calls /get. Looking at the get function, we see that it sends a request to the url, with the secret as a cookie. Keep this in mind as we’ll need to make use of the secret to get the flag. Lastly, it censors the response by converting everything into *.
2022/03/13 · Bowen
[CTF.SG'22] Wildest Dreams Pt 2
Wildest Dreams Pt. 2 (CTF.SG 2022) 1989.php Once we open this file, a simple glance through the source code shows that the flag will be revealed once md5(i1) == md5(i2). The only requirements for i1 and i2 is that they shouldn’t be the same, and they must have a length of more than 15 characters. In php, two strings matching the regular expression 0+e[0-9]+ compared with == returns true. Thus, strings such as 0e69, 0e12 etc will return true when compared with each other.
2022/03/13 · Bowen
  • ««
  • «
  • 5
  • 6
  • 7
  • 8
  • 9
  • »
  • »»
© 2024 404Unfound Powered by Hugo & Monochrome