Web challenges fron n00bzCTF 2023
Club_N00b
The word radical was emphazised. Clicking on Check status redirects to:
I changed the secret_phrase value to radical:
Flag: n00bz{see_you_in_the_club_acting_real_nice}
Robots
Going to /robots.txt gives flag.
Flag: n00bz{1_f0und_7h3_r0b0ts!}
Secret-Group
Going to the website shows that it is the custom headers type challenge, I used Postman to send the custom requests.
Flag: n00bz{y0u_4r3_n0w_4_v4l1d_m3mb3r_0f_th3_s3cr3t_gr0up!}
Conditions
from flask import Flask, request, render_template, render_template_string, redirect
import subprocess
import urllib
flag = open('flag.txt').read()
app = Flask(__name__)
@app.route('/')
def main():
return redirect('/login')
@app.route('/login',methods=['GET','POST'])
def login():
if request.method == 'GET':
return render_template('login.html')
elif request.method == 'POST':
if len(request.values["username"]) >= 40:
return render_template_string("Username is too long!")
elif len(request.values["username"].upper()) <= 50:
return render_template_string("Username is too short!")
else:
return flag
if __name__ == '__main__':
app.run(host='0.0.0.0', port=8000)
My teammate found that ß when uppercase is SS. So just submit with 25 of them to pass the checks. ßßßßßßßßßßßßßßßßßßßßßßßßßßß
Flag: n00bz{1mp0551bl3_c0nd1t10n5_m0r3_l1k3_p0551bl3_c0nd1t10ns}