Saturday, July 27, 2013

ctf.wargame.vn teaser round web50


 There are 2 links in this challenge:
  • main: http://challenges.wargame.vn:1337/web50_4e4d6c332b6fe62a63afe56171fd3725/?x=

  • source code: this looks like a mistake by the web developer, who left the temporary version of the page's source code on the server: http://challenges.wargame.vn:1337/web50_4e4d6c332b6fe62a63afe56171fd3725/index.php~

So, first, check the source code to see what this challenge requires.
 Open the source code link and you get a blank page. No worries: the server returned the file as text instead of executing it, so use the browser's view source (this is the most important part of all web challenges).

<?php
error_reporting(0);
$flag = file('../../flag.txt');
if ($_GET['x']==="\x01\x03\x03\x07")
    echo $flag[0];
?>
  
The main page compares the x parameter, using strict equality (===), with a 4-byte string whose bytes are 0x01, 0x03, 0x03 and 0x07 (written as hex escapes), so we need to send x exactly those bytes.
To do that, we have to know how to pass raw byte values in a URL from the web browser: percent-encoding, where the % (percent) symbol is followed by the byte's hex value. For example, %20 stands for a space ( ).
Back to the main link: request ?x=%01%03%03%07 and we get the flag.
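
The source leak in this challenge came from an editor backup file (index.php~) left in the web root. As an added example, not part of the original post or the challenge's code, this Python script audits a document root for such leftovers. The suffix and extension lists and the function names are assumptions chosen for illustration, as is the premise that the server only hands files ending in a script extension to the interpreter.

```python
import os

# Assumed lists: server-side script extensions and common editor/backup suffixes.
SCRIPT_EXTS = (".php", ".phtml", ".inc")
LEFTOVER_SUFFIXES = ("~", ".bak", ".old", ".orig", ".save", ".swp", ".swo")


def leftover_kind(filename):
    """Return the script name a leftover file was copied from, or None."""
    name = filename
    # Vim swap files look like ".index.php.swp": drop the leading dot.
    if name.startswith(".") and name.endswith((".swp", ".swo")):
        name = name[1:]
    # Emacs autosave files look like "#index.php#".
    if name.startswith("#") and name.endswith("#") and len(name) > 2:
        name = name[1:-1]
        return name if name.lower().endswith(SCRIPT_EXTS) else None
    for suffix in LEFTOVER_SUFFIXES:
        if name.endswith(suffix):
            base = name[: -len(suffix)]
            return base if base.lower().endswith(SCRIPT_EXTS) else None
    return None


def find_source_leftovers(docroot):
    """Walk docroot and return sorted (relative_path, original_script) pairs."""
    hits = []
    for dirpath, _dirs, files in os.walk(docroot):
        for fname in files:
            original = leftover_kind(fname)
            if original:
                rel = os.path.relpath(os.path.join(dirpath, fname), docroot)
                hits.append((rel.replace(os.sep, "/"), original))
    return sorted(hits)


if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, original in find_source_leftovers(root):
        print(f"{path}: leftover copy of {original}")
```

Run it against the deployed document root before publishing; any hit is a file that should be deleted or blocked by the web server configuration.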
