re web

Yet Another WAF

Punkty: 171
Rozwiązań: 25

You can't hack me if you can only call "id", right?

runner.7z 12.6 MB

https://yaw.ecsc25.hack.cert.pl/

app.py 

import json
import requests
from flask import Flask, request, abort

app = Flask(__name__)


@app.route('/run', methods=['POST'])
def run():
    payload = json.loads(request.data)
    if 'cmd' in payload:
        command = payload['cmd']
        if command != 'id':
            abort(403)
        else:
            payload = f'{{"content":{request.data.decode()}}}'
            print(payload)
            r = requests.post("http://runner/api/run", headers={"Content-Type": "application/json"}, data=payload)
            return r.content
    else:
        abort(404)


@app.get("/")
def index():
    return "You can't connect to this API with your browser. Check the source code."


if __name__ == "__main__":
    app.run(port=5000)

Format flagi: ecsc25{litery_cyfry_i_znaki_specjalne}.
W razie wątpliwości lub pytań dotyczących konkursu zapraszamy na naszego Discorda: https://discord.gg/gAtRKa2rcn.

Aby wysłać flagę, musisz się zalogować.