🚩 CTF Writeup/WxMCTF '24

📌 Intro This program outputs some conspicuous binary digits. See if you can find out what they mean... 🔬 Analysis # encrypt.py #!/usr/bin/env python3 flag = 'wxmctf{REDACTED}' encoded = '' for c in flag: encoded += ''.join(map( lambda x: format(int(x), 'b').zfill(4), str(ord(c)).zfill(3) )) with open('output.txt', 'w') as output: output.write(encoded) 위 코드를 보면 flag 문자에 대해 다음과 같은 작업을 수행한다. 1. str..

📌 Intro Blind SQL Injection MGCI's cybersecurity club has hired you to test their site security for nuclear launch codes. Unfortunately, they forgot to give you any log-in credentials, and they haven't implemented registration features yet! Can you find the nuclear launch codes? 🔬 Analysis # app.py @app.route('/login_username', methods=['POST']) def login(): username = request.form['username'] c..

📌 Intro parameter pollution 과 관련된 문제 After getting all of his brawlers to 500 trophies, Eatingfood has found himself in a pickle - there is a Fang on the opposing team every other match and he can no longer play the game! Luckily, he has a plan - to get enough gems to buy every brawler and hypercharge so he can get back to mindlessly mashing buttons and winning. Not wanting to wait and earn gems..