Wednesday, 16 September 2020

[CSAW2020] Widthless web WRITE UP

This competition is familiar to me. But this year, all the web challenges seem "guessy". Let's talk about this.


This is the most guessy chall that I have ever played with. 

When I wrote this write-up, it had 186 solves.

 

Looking through the webpage and viewing the source code, the chall talks about


After ten minutes of searching for "zwsp", I understood what this stuff is used for and found a way to retrieve the hidden letters.
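A sketch of that kind of extraction, added here as an example and not the script or tool used during the CTF. The write-up does not say how the zero-width characters map to bytes, so the base-5 scheme (five code points, four digits per byte) is an assumption, and the sample page and secret are constructed.

```python
import base64
import re

# Assumption: five zero-width code points act as base-5 digits, 4 digits per byte.
ZW_ALPHABET = "\u200b\u200c\u200d\u200e\u200f"
DIGITS_PER_BYTE = 4  # 5**4 = 625 > 255
ZW_RUN = re.compile("[" + ZW_ALPHABET + "]+")

def hide(cover: str, secret: bytes) -> str:
    """Build constructed test input: append the secret as zero-width digits."""
    out = []
    for byte in secret:
        digits = []
        for _ in range(DIGITS_PER_BYTE):
            byte, d = divmod(byte, 5)
            digits.append(ZW_ALPHABET[d])
        out.extend(reversed(digits))  # most significant digit first
    return cover + "".join(out)

def find_hidden_runs(source: str) -> list:
    """Return (offset, length) for every run of zero-width characters."""
    return [(m.start(), len(m.group())) for m in ZW_RUN.finditer(source)]

def extract(source: str) -> bytes:
    """Decode every zero-width character in the source as base-5 bytes."""
    digits = [ZW_ALPHABET.index(c) for c in source if c in ZW_ALPHABET]
    usable = len(digits) - len(digits) % DIGITS_PER_BYTE  # ignore a partial group
    out = bytearray()
    for i in range(0, usable, DIGITS_PER_BYTE):
        value = 0
        for d in digits[i:i + DIGITS_PER_BYTE]:
            value = value * 5 + d
        if value > 255:
            raise ValueError("group is not a byte; the assumed scheme is wrong")
        out.append(value)
    return bytes(out)

def strip_hidden(source: str) -> str:
    """Remove the zero-width characters, e.g. before storing user content."""
    return ZW_RUN.sub("", source)

# Constructed sample: a base64 layer under the zero-width layer, as in the write-up.
COVER = "<html><body>Nothing to see here.</body></html>"
SAMPLE_SECRET = base64.b64encode(b"constructed-secret")
SAMPLE_PAGE = hide(COVER, SAMPLE_SECRET)

if __name__ == "__main__":
    print(find_hidden_runs(SAMPLE_PAGE))
    print(base64.b64decode(extract(SAMPLE_PAGE)))
```

U+200C and U+200D also occur legitimately in some scripts and in emoji sequences, so a hit from `find_hidden_runs` is a lead to inspect rather than proof of hidden data.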

It's a base64 encoded text. Decode it and we get the plaintext:

I thought it was the flag, but it was not. No matter how I tried, the server didn't accept it.

After trying many times, I realized that this piece of text must be entered into this form


The result was another step:

I decided to put this sh*t in the URL.

 

It didn't work! I removed the <> tags, transformed "pwd", guessed the file (flag.txt, passwd.txt, etc.), but nothing happened. After an hour of messing around, I realized that <pwd> should be "alm0st_2_3z", which was found above.

Bingo! I tried to find something different... and figured out this:

Stuck again, but with my experience from this chall, I moved quickly and found the way to keep going: viewing the source code of this page and finding the hidden letters by the old method. Success!

It's hex-encoded text. Decode it


Submit this stuff for a newsletter:

Here we go again. This time we can be sure which is pwd1 and pwd2: put this messy stuff into the URL, get the flag and say goodbye to the messy guessy challenge!








