reccon

Description

I heard you like memes, so we had a surprise for you. Enjoy !!

Flag format: CTF{sha256}


The challenge name is reccon, so let's get some info about this website. Since there is nothing on this page, I start with fuzzing.

I found the index.php and a login page, but when I try to access the login page, nothing happens. So let's continue with fuzzing. I try to see if it is a GET parameter with ffuf.

I want to get better at Python, so I wrote a script to find the correct parameter.

import sys

import requests
import urllib3

urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

# Send the traffic through Burp Suite so the responses can be inspected while debugging
# (Burp's listener is a plain HTTP proxy, also for HTTPS targets)
proxy = {"https": "http://127.0.0.1:8080", "http": "http://127.0.0.1:8080"}

# List of parameters that I found using ffuf
lista = ['a', 'c', 'e', 'g', 'i', 'k', 'm', 'o', 'q', 's', 'u', 'w', 'y']


######### Main Function #########
def main():
    try:
        url = sys.argv[1]
    except IndexError:
        print("{+} Usage %s <url>" % sys.argv[0])
        print("{+} Usage %s http://www.example.com/" % sys.argv[0])
        sys.exit(1)
    for i in lista:
        # Build the query string for this candidate parameter
        payload = 'login?%s=flag' % i
        # Send the request using the requests module
        response = requests.get(url + payload, verify=False, proxies=proxy)
        response_content = response.text
        # Check whether the response contains the flag
        if 'CTF' in response_content:
            print("{+} You will find the flag at %s" % (url + payload))


if __name__ == "__main__":
    main()


Flag

curl -s 'http://35.198.135.192:30224/index.php?m=flag' | grep -E 'CTF{.*?}' --color=none
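
Seen from the server side, the parameter fuzzing above leaves a clear pattern in the access log: one client trying many query parameter names on a single path, with one name producing a different response. The following detector is an added example, not part of the original writeup; the log lines, IP addresses, response sizes and the threshold are constructed assumptions.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import parse_qsl, urlsplit

# Client, request target and response size from a common/combined log line.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*" \d{3} (\d+)')

def find_param_fuzzing(lines, threshold=10):
    """Return {(client, path): {"names": [...], "outliers": [...]}} for clients
    that tried at least `threshold` distinct query parameter names on one path."""
    sizes = defaultdict(dict)  # (client, path) -> {param name: response size}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        client, target, size = m.group(1), m.group(2), int(m.group(3))
        parts = urlsplit(target)
        for name, _value in parse_qsl(parts.query, keep_blank_values=True):
            sizes[(client, parts.path)][name] = size
    findings = {}
    for key, by_name in sizes.items():
        if len(by_name) < threshold:
            continue
        # The most common size is the "unknown parameter" baseline; names whose
        # response differs are the ones the application reacted to.
        baseline = Counter(by_name.values()).most_common(1)[0][0]
        outliers = sorted(n for n, s in by_name.items() if s != baseline)
        findings[key] = {"names": sorted(by_name), "outliers": outliers}
    return findings

def build_sample_log():
    """Constructed log lines (documentation IPs), not traffic from the challenge."""
    fmt = '%s - - [01/Jan/2024:10:00:%02d +0000] "GET %s HTTP/1.1" 200 %d'
    lines = []
    for i, name in enumerate("acegikmoqsuwy"):
        size = 377 if name == "m" else 312  # assumed: only ?m= changes the response
        lines.append(fmt % ("198.51.100.7", i, "/index.php?%s=flag" % name, size))
    lines.append(fmt % ("203.0.113.9", 30, "/index.php?page=2&sort=asc", 900))
    lines.append(fmt % ("203.0.113.9", 31, "/index.php", 312))
    return lines

if __name__ == "__main__":
    for (client, path), info in find_param_fuzzing(build_sample_log()).items():
        print(client, path, len(info["names"]), "names tried; reacted to:", info["outliers"])
```

The `outliers` list tells the responder which hidden parameter the client actually discovered, which is the one worth reviewing in the application.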
