Mr. Mailman, could you GET me that POST?
app.py
import requests from flask import Flask, request, abort app = Flask(__name__) @app.route('/submit', methods=['POST']) def submit(): if 'url' in request.json: return requests.post(request.json['url']).content else: abort(404) @app.get("/") def index(): return "You can't connect to this API with your browser. Check the source code." assert requests.get("http://internal:5001/flag").content.startswith(b"ecsc") if __name__ == "__main__": app.run(port=5000)
internal.py
from flask import Flask app = Flask(__name__) @app.route('/flag', methods=['GET']) def flag(): return open("flag.txt", 'r').read() if __name__ == "__main__": app.run(port=5001)
Format flagi:
ecsc25{litery_cyfry_i_znaki_specjalne}.
W razie wątpliwości lub pytań dotyczących konkursu zapraszamy na naszego Discorda: https://discord.gg/gAtRKa2rcn.