CSCAMP CTF 2012 - Web200

less than 1 minute read

In this puzzle, you had to evaluate an equation encoded in base64 in an array structure consisting of values and operands hidden in a custom header. The objective is to return the results of the evaluation in a timely manner.

The exploit (

import requests, base64, re

def main():
chalurl = ""
chal_r = requests.get(chalurl)
cookie = chal_r.cookies['x0x']
eq = chal_r.headers['Eq']
print "Got page (cookies: %s)" % cookie

eq_l = base64.decodestring(eq)

r=re.compile("(d) => '?(.+?)'?,")
eq_d = dict((int(i), v) for i,v in r.findall(eq_l))
print "".join(eq_d.values())
toexec = "total=%s" % "".join(eq_d.values())
exec toexec in globals(), locals()

print "Total is %d." % total
cookies = dict(x0x=cookie)
payload = {'result': str(total)}
chal_p =, data=payload, cookies=cookies)
print chal_p.text

if __name__ == "__main__":

TODO: Update with demonstration of script once tasks are online.

Leave a Comment