En construction !

Category: Web - Points: 999 - Difficulty : Moyen - Solves : 36

Description: Nous avons trouvé un nouveau site web mis en place par Hallebarde, mais il ne semble pas y avoir grand-chose dessus. Cependant la forte quantité de trafic détectée laisse à penser que Hallebarde l'utiliserait pour faire passer des messages secrets. Pourriez-vous jeter un oeil ?

Aucun outil de automatisé de bruteforce n'est nécessaire pour ce challenge, mais vous avez l'autorisation de scripter des requêtes répétitives.

Solution: To solve this challenge, you need to find a way to get the flag. I looked for the flag by applying the basic methods of web attacks (code analysis, Directory Transversal...). But unfortunately that didn't work. So I couldn't find anything... That's only after the end of the CTF, that I found the solution thanks to . To explain her method, he noticed that when he change page x, the status code value change. So he made a python script to get all status code :

import requests

url = "https://en-construction.404ctf.fr/page/%s"

retour = ""

for i in range(3,334):
    r = requests.get(url % i)
    retour += str(r.status_code)[1:]
print(retour)

When the code is executed, we get these values : 16230325116515615115715604011014115415414514214116214414504015414504006206604015216515115604030324004006106315005604012614515614517204015615715514216214516517005604011604715716514215415114517204016014116304015414504015515716404014414504016014116316314504016116515104016615716516304016014516215514516416416214104014404714515616416214516204014414115616304015414104016314115415414504016314514316230325016414504007204006406006410312410617310416206015406313710406313715506013106311613714406313714606406116206313712006416312306316213714406312313714406015611606306316313715606011607717505604011415715614716514504016615114504030324004011014115415414514214116214414504004 These are ASCII code that can be decipher with this :

404CTF{Dr0l3_D3_m0Y3N_d3_f41r3_P4sS3r_d3S_d0nN33s_n0N?}