Balsn CTF 2020 TPC

TPC (web, 310p, 33 solves)

Description

The challenge implements a simple Python application taking a URL as a parameter. It allows us to perform SSRF and local file disclosure. Reading a file on the server is as simple as:

    $ curl -s --output - 'http://35.194.175.80:8000/query?site=file:///etc/passwd'
    root:x:0:0:root:/root:/bin/ash
    bin:x:1:1:bin:/bin:/sbin/nologin
    [...]

We first needed to be sure what the Python code does. To find this out, we tried to find where it was located:

ByteBandits 2020 Notes App

For this task, a very simple Python application and its source code are provided.

Sources Analysis

The application lets us register, log in, submit a link and edit a single field “note” that will be displayed on /profile. The application code is pretty straightforward and allows us to insert markdown on our own profile page. The Python code responsible for markdown rendering (md2html) is the following:

    @app.route("/update_notes", methods=["POST"])
    @login_required
    def update_notes():
        # markdown support!