GeorgeBanu

reccon

Last updated 1 year ago

Description

I heard you like memes, so we had a surprise for you. Enjoy!!

Flag format: CTF{sha256}


The challenge name is reccon, so let's get some info about this website. Since we have nothing on this page, I start with fuzzing.

I found the index.php and a login page, but when I try to access the login page, nothing happens. So let's continue with fuzzing. I try to see if it is a GET parameter with ffuf.

I want to get better at Python, so I wrote a script to find the correct parameter.

import requests
import sys
import urllib3
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)


# Route the traffic through Burp Suite to inspect the responses while debugging.
# Burp listens as a plain HTTP proxy, so both entries use the http:// scheme.
proxy = {"https": "http://127.0.0.1:8080", "http": "http://127.0.0.1:8080"}

# list of parameter names that I found using ffuf
lista = ['a', 'c', 'e', 'g', 'i', 'k', 'm', 'o', 'q', 's', 'u', 'w', 'y']


######### Main Function #########
def main():
    try:
        url = sys.argv[1]
    except IndexError:
        print("{+} Usage %s <url>" % sys.argv[0])
        print("{+} Usage %s http://www.example.com/" % sys.argv[0])
        sys.exit(1)
    # make sure the path we append is not glued onto the host name
    if not url.endswith('/'):
        url += '/'
    for i in lista:
        # build the candidate query string, e.g. login?m=flag
        payload = 'login?%s=flag' % i
        # send the request using the requests module
        response = requests.get(url + payload, verify=False, proxies=proxy)
        response_content = response.text
        # check whether the response contains the flag prefix
        if 'CTF' in response_content:
            print("{+} You will find the flag at %s" % (url + payload))


if __name__ == "__main__":
    main()


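The same idea, written as an added example that is not the author's script: the fetch function is injected so it runs offline, each response is compared against a baseline (the size filter ffuf users rely on, so a parameter that changes the page is reported even when it does not leak the flag), and the flag is extracted with a regex built from the stated CTF{sha256} format. The function names, the fake target and its responses are assumptions.

```python
import re
from typing import Callable, Optional

# sha256 hex digest is 64 hex characters, so the page's "CTF{sha256}" format is:
FLAG_RE = re.compile(r"CTF\{[0-9a-fA-F]{64}\}")


def extract_flag(body: str) -> Optional[str]:
    """Return the first flag matching the challenge's format, else None."""
    m = FLAG_RE.search(body)
    return m.group(0) if m else None


def fuzz_params(fetch: Callable[[str], str], base: str, params, value="flag"):
    """Try ?<param>=<value> for each candidate parameter name.

    `fetch(url) -> body` is injected so this runs offline in a test; a real run
    would pass e.g. lambda u: requests.get(u).text.  Returns (flag, interesting)
    where `interesting` lists params whose response size differed from the
    baseline page (the ffuf-style filter), plus the param that revealed the flag.
    """
    baseline = fetch(base)
    interesting = []
    for p in params:
        body = fetch(f"{base}?{p}={value}")
        flag = extract_flag(body)
        if flag:
            return flag, interesting + [p]
        if len(body) != len(baseline):      # page reacted to this parameter
            interesting.append(p)
    return None, interesting


# Constructed offline stand-in for the target (assumption, not the real box):
# only ?m=flag reveals the flag, ?s=... changes the page size without leaking.
FAKE_FLAG = "CTF{" + "ab" * 32 + "}"


def fake_fetch(url: str) -> str:
    if "?m=flag" in url:
        return "<h1>meme</h1>" + FAKE_FLAG
    if "?s=" in url:
        return "<h1>meme</h1><p>nope</p>"
    return "<h1>meme</h1>"


if __name__ == "__main__":
    # same single-letter wordlist as the page's script
    print(fuzz_params(fake_fetch, "http://target.example/index.php", "acegikmoqsuwy"))
```
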
Flag

curl -s 'http://35.198.135.192:30224/index.php?m=flag' | grep -E 'CTF{.*?}' --color=none