Not finish yet, still writing :) • mosaic from flask import Flask, render_template, request, redirect, url_for, session, g, send_from_directory import mimetypes import requests import imageio import os import sqlite3 import hashlib import re from shutil import copyfile, rmtree import numpy as np app = Flask(__name__) app.secret_key = os.urandom(24) app.config['MAX_CONTENT_LENGTH'] = 16 * 1000 * ..

[ Mctree ] admin account already exists. I guessed that I could get flag if I log in with admin account. If register id with admin" , you can see you are register in admin account. Then, login with account that you reigstered. Here is my payload. ID : admin" PW : a ● Flag TFCCTF{I_l1k3_dr4g0n_tr33s__Yuh!_1ts_my_f4v0r1t3_tr33_f0r_sur3!} [ Ducky note ] It's a web application which has admin bot. C..

I used other's writeup as a reference. This challenge is about chrome extension which is made of javascript code. You can check structrue of directory below folding code. 더보기 ./ ├── crawler │ ├── crawler.js │ ├── Dockerfile │ ├── extension │ │ ├── audio.html │ │ ├── background.js │ │ ├── content.js │ │ ├── index.html │ │ ├── manifest.json │ │ ├── ring.mp3 │ │ └── sandbox.js │ ├── package.json │ ..

This is the easiest challenge in this CTF. There is only one file, "index.js" in this challenge. app.get('/flag', needAuth, (req, res) => { if (req.session.username !== 'admin') { flash(req, 'only admin can read the flag'); return res.redirect('/'); } return res.render('flag', { chall_name: CHALL_NAME, flash: getFlash(req), flag: FLAG }); }); When you enter "/flag" endpoint with admin session, y..

Sadly, I solved only few challenges in zer0pts CTF :( . Write this for studying. The more web api you know, the easier you solve. This is a service that we can upload a post and report it to admin. ./app ├── Dockerfile ├── go.mod ├── go.sum ├── main.go ├── report.go ├── static │ └── style.css └── views ├── index.html └── note.html Let's check core code of this challenge. ● main.go var conn *redi..

./perfect-product/ ├── Dockerfile ├── flag.txt └── src ├── app.js ├── package.json ├── package-lock.json ├── readflag ├── readflag.c ├── static │ └── img └── views ├── index.ejs └── product.ejs There is a flag.txt file and binary of "readflag". # Dockerfile FROM debian:sid ENV NODE_ENV "production" RUN apt update && \ apt install -y curl && \ curl -sL https://deb.nodesource.com/setup_18.x | bash..

[ Wanky mail ] 더보기 from flask import Flask, render_template_string, request, redirect, abort from aiosmtpd.controller import Controller from datetime import datetime from base58 import b58decode, b58encode import random import string import os from datetime import datetime import queue mails = {} active_addr = queue.Queue(1000) def format_email(sender, rcpt, body, timestamp, subject): return {"s..

./challenge/ ├── challenge │ ├── app.py │ ├── poc.py │ ├── poc.sh │ ├── static │ └── templates │ └── index.html ├── docker-compose.yml └── Dockerfile version: '3' services: shop: build: . container_name: aquatic_delights ports: - "8080:8080" environment: - FLAG=justCTF{here_should_be_a_flag} restart: always You can see flag in docker-compose.yml. There are only few codes to check out. Let's see ..

This Chall is well-known type of XSS Challenge. ./web_extra-safe-security-layers/ ├── docker-compose.yml ├── Dockerfile └── src ├── app.js ├── bot.js ├── flag.txt ├── package.json ├── public │ ├── admin_background.png │ └── background.png └── templates └── index.ejs It gives that this chall has 5 safety layer through remark. These remarks confused me, even if this chall was not that hard. Just I..