amon (j. heng)

amon (j. heng)

The Potatosploiter. Pirate of the Seven Proxseas.

Hack You CTF 2012 - HugeCaptcha (PPC100)

less than 1 minute read

PPC100 is a puzzle that requires some degree of scripting. To obtain the flag, we have to add up the two large numbers given and submit the result through POST within an extremely short time limit.

The exploit is as follows (solve_ppc100.py):

import requests, re

p1 = re.compile("(d+) + (d+)")
p2 = re.compile("name='trueanswer' value='(w+)'")
r = requests.get("http://misteryou.ru/ppc100/")

res1 = p1.search(r.text)
n1 = res1.group(1)
n2 = res1.group(2)
ans = int(n1) + int(n2)

res2 = p2.search(r.text)
ta = res2.group(1)

payload = {'captchatype': 'hugecaptcha', 'trueanswer': ta, 'answer': str(ans)}
r2 = requests.post("http://misteryou.ru/ppc100/", data=payload)

p3 = re.compile("(d{7})")
secret = "".join(chr(int(i,2)) for i in p3.findall(r2.text))

print secret

Executing the python script:

amon@Alyx:~/hackyou/ppc100$ python solve_ppc100.py
killallhumans
amon@Alyx:~/hackyou/ppc100$

Flag: killallhumans

Leave a Comment

You May Also Enjoy

Cyberpeace 2022 - Crysys (Pwn)

5 minute read

Summary: A minimal binary with only the read libc function and containing a standard stack overflow can be exploited by leveraging a common add-what-where ga...

TetCTF 2022 - Newbie (Pwn)

6 minute read

Summary: An ELF binary contains functionality to generate a ‘hashed’ identifier from two bytes of memory at an offset specified by the user. This ‘hashed’ id...

TetCTF 2022 - EzFlag (Web/Pwn)

14 minute read

Summary: In this two part challenge, flawed filename logic allows an attacker to write arbitrary Python files that are executed as a CGI script. Once the att...