Colors

Security Summer School

Colors - SSS

Category: Web Exploitation

Difficulty: Easy

Challenge Overview

In this chall we see a Next page button in the middle of the page. The link is ..../colors/index.php?index=1. When we click the button, the index in the link increases by one.

Since we don't know wtf is going on, we'll bruteforce it until we get SSS in the response text.

I used the following Python script to bruteforce the first 10k numbers.

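import requests

# Challenge endpoint; the page number is appended as the "index" query parameter.
url_base = "http://141.85.224.70:8082/colors/index.php?index="

# Request indexes 1000..9999 in order and stop at the first page containing the flag prefix.
for index in range(1000, 10000):
    url = f"{url_base}{index}"
    try:
        response = requests.get(url, timeout=5)
        if "SSS" in response.text:
            print(f"found index:{index}")
            print(response.text)
            break
        else:
            print(f"no: {index}")
    except requests.exceptions.RequestException:
        # Network error or timeout: report it and move on to the next index.
        print(f"error: {index}")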
flag found
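
Seen from the server side, a loop like the one above leaves a recognisable trail in the access log: one client requesting index=N, N+1, N+2, ... much faster than anyone clicks. The detector below is an added example, not part of the original writeup; the log format, the sample lines (documentation-range IPs) and both thresholds are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit, parse_qs

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "GET (\S+) HTTP/[\d.]+" \d{3}')

def make_line(ip, when, index):
    """Build one constructed access-log line (common log format, assumed)."""
    stamp = when.strftime("%d/%b/%Y:%H:%M:%S +0000")
    return f'{ip} - - [{stamp}] "GET /colors/index.php?index={index} HTTP/1.1" 200 512'

T0 = datetime(2024, 7, 1, 12, 0, 0)
# Constructed sample: one client walking the index at 5 requests per second,
# one client clicking "Next page" every 8 seconds.
SAMPLE = [make_line("203.0.113.7", T0 + timedelta(seconds=i // 5), 1000 + i) for i in range(60)]
SAMPLE += [make_line("198.51.100.4", T0 + timedelta(seconds=8 * i), 1 + i) for i in range(6)]

def requests_by_client(lines, path="/colors/index.php", param="index"):
    """Map client IP -> [(timestamp, index value)] in log order."""
    seen = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: ignore rather than crash
        ip, stamp, target = m.groups()
        url = urlsplit(target)
        value = parse_qs(url.query).get(param, [""])[0]
        if url.path == path and value.isdigit():
            seen[ip].append((datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z"), int(value)))
    return seen

def find_enumeration(lines, min_run=30, max_avg_gap=1.0):
    """Return {ip: run length} where the longest +1 run is long and fast."""
    flagged = {}
    for ip, reqs in requests_by_client(lines).items():
        best_len, best_start, start = 0, 0, 0
        for i in range(1, len(reqs) + 1):
            # A run ends at the end of the list or when the value is not previous + 1.
            if i == len(reqs) or reqs[i][1] != reqs[i - 1][1] + 1:
                if i - start > best_len:
                    best_len, best_start = i - start, start
                start = i
        if best_len >= min_run:
            span = (reqs[best_start + best_len - 1][0] - reqs[best_start][0]).total_seconds()
            if span / (best_len - 1) <= max_avg_gap:  # average seconds between requests
                flagged[ip] = best_len
    return flagged
```

Run length alone is not enough here, because the intended path through this challenge is also a long run of +1 requests; the request rate is what separates a script from someone clicking.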

Final Flag

SSS{d1d_y0u_4ctu4lly_cl1ck_3141_t1mes}

made by k0d
