Excellent, you are now on Level 1, the Guessing Game. All you have to do is guess the combination correctly, and you'll be given the password to access Level 2! We've been assured that this level has no security vulnerabilities in it (and the machine running the Guessing Game has no outbound network connectivity, meaning you wouldn't be able to extract the password anyway), so you'll probably just have to try all the possible combinations. Or will you...?
You can play the Guessing Game at https://level01-2.stripe-ctf.com/user-esqgniwwof. The code for the Game can be obtained from git clone https://level01-2.stripe-ctf.com/user-esqgniwwof/level01-code, and is also included below.

 

The trick here lies in lines 12-16.

 

      $filename = 'secret-combination.txt';
      extract($_GET);
      if (isset($attempt)) {
        $combination = trim(file_get_contents($filename));
        if ($attempt === $combination) {

The key is that extract() is called after $filename is set. This lets us override the $filename variable through $_GET, so we can make file_get_contents read any file we want, for example /dev/null, which returns nothing. If we also provide $attempt as an empty string, the comparison passes.

Simple as that. 
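
The same check with the variable override closed off, next to the original logic. This is an added example, not the challenge's code: the function names check_vulnerable and check_hardened, the temporary secret file and the sample request arrays are constructed for illustration.

```php
<?php
// Added example, not the challenge's code. Function names and the sample
// secret are constructed for illustration.

// Same logic as the excerpt: extract() runs after $filename is assigned,
// so a request parameter named "filename" replaces it.
function check_vulnerable(array $get, string $secretFile): bool {
    $filename = $secretFile;
    extract($get);
    if (isset($attempt)) {
        $combination = trim(file_get_contents($filename));
        return $attempt === $combination;
    }
    return false;
}

// Hardened: no extract(); only the one expected key is read, the path is
// never taken from the request, an empty attempt or empty secret never
// matches, and the comparison is constant-time.
function check_hardened(array $get, string $secretFile): bool {
    $attempt = $get['attempt'] ?? null;
    if (!is_string($attempt) || $attempt === '') {
        return false;
    }
    $combination = trim((string) file_get_contents($secretFile));
    return $combination !== '' && hash_equals($combination, $attempt);
}

// Constructed secret file standing in for secret-combination.txt.
$secretFile = tempnam(sys_get_temp_dir(), 'combo');
file_put_contents($secretFile, "constructed-secret\n");

// Constructed arrays standing in for $_GET.
$override = ['filename' => '/dev/null', 'attempt' => '']; // request from the text
$correct  = ['attempt' => 'constructed-secret'];          // genuine guess

var_dump(check_vulnerable($override, $secretFile)); // original logic, override request
var_dump(check_hardened($override, $secretFile));   // hardened logic, same request
var_dump(check_hardened($correct, $secretFile));    // hardened logic, genuine guess

unlink($secretFile);
```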

 

 
