hackerone-ctf

I. Moderate Hackyholidays CTF Web 12

Visiting the site gives no information at all; there is only an animated video and some images.

1. flag1:

Visit /robots.txt to get the first flag:

^FLAG^a5e751ad462e41a83378eabef4d7fa25a6aed78ed8af73fa62355a4b231ef800$FLAG$

2. flag2:

The robots.txt page contains the line "Disallow: /s3cr3t-ar3a". Visiting /s3cr3t-ar3a shows a page that only says "Page Moved". The page source reveals nothing, but inspecting the elements with F12 shows the second flag in the DOM structure:

^FLAG^a3557f70508b72b43d6d9c00311f1196a57643a65002dbc0ea1dfe2bf3134ac1$FLAG$

3. flag3:

On the /s3cr3t-ar3a page, inspecting the elements shows an element with id="alertbox" carrying the attribute next-page="/apps-home/", which points to another page. Visiting /apps-home/, the source of the new page contains a <script> block with links such as "/people-rater", "/swag-shop", "/secure-login", "/my-diary" and so on; they are numbered from 3 to 10, eight links in total.

    var challenges = {"3":{"link":"\/people-rater","name":"People Rater","description":"The grinch likes to keep lists of all the people he hates. This year he's gone digital but there might be a record that doesn't belong!"},"4":{"link":"\/swag-shop","name":"Swag Shop","description":"Get your Grinch Merch! Try and find a way to pull the Grinch's personal details from the online shop."},"5":{"link":"\/secure-login","name":"Secure Login","description":"Try and find a way past the login page to get to the secret area."},"6":{"link":"\/my-diary","name":"My Diary","description":"Hackers! It looks like the Grinch has released his Diary on Grinch Networks. We know he has an upcoming event but he hasn't posted it on his calendar. Can you hack his diary and find out what it is?"},"7":{"link":"\/hate-mail-generator","name":"Hate Mail Generator","description":"Sending letters is so slow! Now the grinch sends his hate mail by email campaigns! Try and find the hidden flag!"},"8":{"link":"\/forum","name":"Forum","description":"The Grinch thought it might be a good idea to start a forum but nobody really wants to chat to him. He keeps his best posts in the Admin section but you'll need a valid login to access that!"},"9":{"link":"\/evil-quiz","name":"Evil Quiz","description":"Just how evil are you? Take the quiz and see! Just don't go poking around the admin area!"},"10":{"link":"\/signup-manager","name":"Signup Manager","description":"You've made it this far! The grinch is recruiting for his army to ruin the holidays but they're very picky on who they let in!"}};

    $('.openchallenge').click( function(){
        $('a.challengelink').attr('href', '..' + challenges[$(this).attr('data-id')].link + '/' )
        $('h4.modal-title').html( challenges[$(this).attr('data-id')].name )
        $('div.modal-body').html( challenges[$(this).attr('data-id')].description )
        $('div#challengeModal').modal('show');
        return false;
    });

Visiting the first link, /people-rater, the page again contains a <script> block that reveals more request parameters, and the page has a "load more" button:

    $('.thelist').on("click", "a", function(){
        $.getJSON('entry/?id=' + $(this).attr('data-id'), function(resp){
            alert( resp.rating );
        }).fail(function(){
            alert('Request failed');
        });
    });
    var page = 0;
    $('.loadmore').click( function(){
        page++;
        $.getJSON('page/' + page + '/', function(resp){
            if( resp.results.length < 5 ){
                $('.loadmore').hide();
            }
            $.each( resp.results, function(k,v){
                $('.thelist').append('<div style="margin-bottom:15px"><a class="btn btn-info" data-id="' + v.id + '">' + v.name + '</a></div>')
            });
        });
    });
    $('.loadmore').trigger('click');
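
As an added example (not part of the original writeup or of the CTF site's own code), the following Python inventories what such a site discloses to any unauthenticated visitor: robots.txt Disallow entries, leftover next-page attributes in the DOM, and the links embedded in the inline `challenges` object. The robots.txt and HTML inputs are constructed to match the snippets quoted above; the function names are my own.

```python
import json
import re

# Constructed sample inputs (not fetched from the live site): a robots.txt
# and an HTML fragment shaped like the /s3cr3t-ar3a and /apps-home/ sources.
ROBOTS_TXT = """User-agent: *
Disallow: /s3cr3t-ar3a
Disallow: /admin-stuff
Allow: /
"""

APPS_HOME_HTML = """<html><body>
<div id="alertbox" next-page="/apps-home/">Page Moved</div>
<script>
    var challenges = {"3":{"link":"\\/people-rater","name":"People Rater","description":"..."},
                      "4":{"link":"\\/swag-shop","name":"Swag Shop","description":"..."}};
    $('.openchallenge').click(function(){ return false; });
</script>
</body></html>"""

def robots_disallowed(text):
    """Paths robots.txt asks crawlers to skip. Each is a hint that the owner
    considered the path sensitive, yet robots.txt never blocks a human visitor."""
    return [line.split(":", 1)[1].strip()
            for line in text.splitlines()
            if line.lower().startswith("disallow:") and line.split(":", 1)[1].strip()]

def next_page_attrs(html):
    """Collect next-page="..." attribute values left behind in the DOM."""
    return re.findall(r'next-page="([^"]+)"', html)

def challenge_links(html):
    """Parse the `var challenges = {...};` object out of the inline script and
    return {id: link}, with the JSON-escaped slashes decoded by json.loads."""
    m = re.search(r"var challenges = (\{.*?\});", html, re.S)
    if not m:
        return {}
    return {k: v["link"] for k, v in json.loads(m.group(1)).items()}

def exposed_paths(robots, html):
    """Sorted union of every path a visitor learns without credentials."""
    paths = set(robots_disallowed(robots)) | set(next_page_attrs(html))
    paths |= set(challenge_links(html).values())
    return sorted(paths)

if __name__ == "__main__":
    for path in exposed_paths(ROBOTS_TXT, APPS_HOME_HTML):
        print(path)
```

Running it against a real deployment's own pages during a review turns "hidden" paths into a checklist of endpoints that need server-side authorization rather than obscurity.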

https://lia.mg/posts/hackerone-hacky-holidays-2020-ctf-writeup/

posted @ 2023-07-07 15:39  阆南山水天下稀