title: "tinyctf-2014-NaNNaNNaNNaN-Batman-writeup"
categories: [ "CTF" ]
tags: [ "CTF","CTF writeup" ]
draft: false
slug: "11"
date: "2019-01-06 22:37:00"
- Why write a writeup for a 2014 question: because I was doing a question on a certain CTF training platform
First, the question provided an attachment called web100.zip, which, when extracted, was a web100 file.
When opened with Notepad, it looked like this:
Most of it is understandable, but there are some boxes. I noticed the words "script" and "function", so I guessed it was PHP code and dragged it into the browser to take a look:
There was an input box, and at the end, there was an eval function being executed:
Let's change the eval to an alert, so the code is displayed instead of executed, and drag it in again:
Oh, the garbled text is gone, and we obtained the PHP source code:
```javascript
function $(){var e=document.getElementById("c").value;if(e.length==16)if(e.match(/^be0f23/)!=null)if(e.match(/233ac/)!=null)if(e.match(/e98aa$/)!=null)if(e.match(/c7be9/)!=null){var t=["fl","s_a","i","e}"];var n=["a","_h0l","n"];var r=["g{","e","_0"];var i=["it'","_","n"];var s=[t,n,r,i];for(var o=0;o<13;++o){document.write(s[o%4][0]);s[o%4].splice(0,1)}}}document.write('<input id="c"><button onclick=$()>Ok</button>');delete _
```
Let's format the code using a tool:
```javascript
function $(){
    var e=document.getElementById("c").value;
    if(e.length==16)if(e.match(/^be0f23/)!=null)if(e.match(/233ac/)!=null)if(e.match(/e98aa$/)!=null)if(e.match(/c7be9/)!=null){
        var t=["fl","s_a","i","e}"];
        var n=["a","_h0l","n"];
        var r=["g{","e","_0"];
        var i=["it'","_","n"];
        var s=[t,n,r,i];
        for (var o=0;o<13;++o){
            document.write(s[o%4][0]);
            s[o%4].splice(0,1)
        }
    }
}
document.write('<input id="c"><button onclick=$()>Ok</button>');
delete _
```
The code is quite simple. It checks that the input string is 16 characters long and uses regular expressions to check that it starts with `be0f23`, ends with `e98aa`, and contains the strings `233ac` and `c7be9`. If these conditions are met, the block that writes out the flag is executed. The four fragments add up to 21 characters, so they have to overlap to fit into 16. So, we construct the string `be0f233ac7be98aa` and enter it into the input box:
We obtained the flag: flag{it's_a_h0le_in_0ne}