mirror of https://github.com/dirtbags/moth.git
webapp puzzle stuff
parent
dbd9aea6f1
commit
32a5f22637
|
@ -0,0 +1,32 @@
|
|||
#!/usr/bin/python
|
||||
|
||||
import cgi
|
||||
import cgitb
|
||||
|
||||
print 'Content-Type: text/html'
|
||||
print ''
|
||||
|
||||
print '''
|
||||
<html>
|
||||
<head>
|
||||
<title>1</title>
|
||||
<link rel="stylesheet" type="text/css" href="../ctf.css" media="all" />
|
||||
<!-- key = ktFfb8R1Bw -->
|
||||
</head>
|
||||
<body>
|
||||
<div id="wrapper">
|
||||
<div id="content">
|
||||
<h1>Web Application Challenge 1</h1>
|
||||
<p>Through some manipulation or interpretation of this CGI script
|
||||
and the HTML page(s) that it generates, a 10 character key can be
|
||||
found.</p>
|
||||
<p><strong>Find the key!</strong></p>
|
||||
</div>
|
||||
<div id="footer">
|
||||
<p>Copyright © 2009 LANS, LLC.</p>
|
||||
</div>
|
||||
</div>
|
||||
</body>
|
||||
</html>
|
||||
'''
|
||||
|
|
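Review bot: `cgi` and `cgitb` are imported at the top of the challenge 1 script but never used; the script only prints a static page, so both imports can be dropped. The `Content-Type` header also declares no charset while the footer carries a non-ASCII `©`. If that character is literal in the file rather than an HTML entity, Python 2 rejects the source without a coding line, so add `# -*- coding: utf-8 -*-` under the shebang and send `print 'Content-Type: text/html; charset=utf-8'`. The same footer line appears in the other three scripts in this commit.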
@ -0,0 +1 @@
|
|||
ktFfb8R1Bw
|
|
@ -0,0 +1,48 @@
|
|||
#!/usr/bin/python
|
||||
|
||||
import cgi
|
||||
import cgitb
|
||||
cgitb.enable(context=10)
|
||||
|
||||
fields = cgi.FieldStorage()
|
||||
|
||||
print 'Content-Type: text/html'
|
||||
print ''
|
||||
|
||||
|
||||
print '''
|
||||
<html>
|
||||
<head>
|
||||
<title>2</title>
|
||||
<link rel="stylesheet" type="text/css" href="../ctf.css" media="all" />
|
||||
</head>
|
||||
<body>
|
||||
<div id="wrapper">
|
||||
<div id="content">
|
||||
<h1>Web Application Challenge 2</h1>
|
||||
<p>Through some manipulation or interpretation of this CGI script
|
||||
and the HTML page(s) that it generates, a 10 character key can be
|
||||
found.</p>
|
||||
<p><strong>Find the key!</strong></p>
|
||||
<p style="margin-top: 5em;">Question: How many geeks does it take to break a CGI?</p>
|
||||
'''
|
||||
|
||||
# key = uq4G4dXrpx
|
||||
if (fields.has_key('num')):
|
||||
print '''
|
||||
<p style="color: #fff;">You entered %d.</p>
|
||||
''' % int(fields['num'].value)
|
||||
|
||||
print '''
|
||||
<form method="get" action="two.py">
|
||||
Enter an integer: <input name="num" type="text" size="10" />
|
||||
</form>
|
||||
</div>
|
||||
<div id="footer">
|
||||
<p>Copyright © 2009 LANS, LLC.</p>
|
||||
</div>
|
||||
</div>
|
||||
</body>
|
||||
</html>
|
||||
'''
|
||||
|
|
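Review bot: `cgitb.enable(context=10)` sends tracebacks with ten lines of surrounding source to the browser, and the `# key = ...` comment sits directly above the unguarded `int(fields['num'].value)`, so any conversion error discloses the comment. That appears to be the intended puzzle, but nothing in the file says so; a comment such as `# INTENTIONAL: traceback disclosure is the challenge, do not add error handling` would stop a later cleanup from breaking it. The same pattern is in the scripts that post to `3.py` and `4.py`. Outside an exercise the handler should log instead of display, e.g. `cgitb.enable(display=0, logdir="<LOG_DIR>")`. Separately, the form posts to `two.py` while the sibling forms use `3.py` and `4.py`; the file name is not visible here, so confirm the action matches it.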
@ -0,0 +1 @@
|
|||
uq4G4dXrpx
|
|
@ -0,0 +1,73 @@
|
|||
#!/usr/bin/python
|
||||
|
||||
import cgi
|
||||
import cgitb
|
||||
cgitb.enable(context=10)
|
||||
|
||||
fields = cgi.FieldStorage()
|
||||
|
||||
print 'Content-Type: text/html'
|
||||
print ''
|
||||
|
||||
|
||||
print '''
|
||||
<html>
|
||||
<head>
|
||||
<title>3</title>
|
||||
<link rel="stylesheet" type="text/css" href="../ctf.css" media="all" />
|
||||
</head>
|
||||
<body>
|
||||
<div id="wrapper">
|
||||
<div id="content">
|
||||
<h1>Web Application Challenge 3</h1>
|
||||
<p>Through some manipulation or interpretation of this CGI script
|
||||
and the HTML page(s) that it generates, a 10 character key can be
|
||||
found.</p>
|
||||
<p><strong>Find the key!</strong></p>
|
||||
|
||||
<div class="vertsep"></div>
|
||||
'''
|
||||
|
||||
PRODUCT_NAME = "Monkey of some kind"
|
||||
|
||||
def purchase_success(quantity):
|
||||
print '''
|
||||
<p>Congratulations, your order for %d "%s" has been placed.</p>
|
||||
''' % (quantity, PRODUCT_NAME)
|
||||
|
||||
# key = BRrHdtdADI
|
||||
if fields.has_key('quantity') and fields.has_key('product') and fields['product'].value == PRODUCT_NAME:
|
||||
product = fields['product'].value
|
||||
quantity = int(fields['quantity'].value)
|
||||
|
||||
purchase_success(quantity)
|
||||
else:
|
||||
print '''
|
||||
|
||||
<h2>SALE: %s</h2>
|
||||
<p>Use the order form below to place an order.</p>
|
||||
|
||||
<form method="get" action="3.py">
|
||||
How many would you like?
|
||||
<select name="quantity">
|
||||
<option value="12">12</option>
|
||||
<option value="24">24</option>
|
||||
<option value="48">48</option>
|
||||
</select>
|
||||
<br /><br />
|
||||
<input type="submit" value="Order!" />
|
||||
<input type="hidden" name="product" value="%s" />
|
||||
</form>
|
||||
''' % (PRODUCT_NAME, PRODUCT_NAME)
|
||||
|
||||
print '''
|
||||
|
||||
</div>
|
||||
<div id="footer">
|
||||
<p>Copyright © 2009 LANS, LLC.</p>
|
||||
</div>
|
||||
</div>
|
||||
</body>
|
||||
</html>
|
||||
'''
|
||||
|
|
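Review bot: The order branch trusts the client for `quantity`: the `<select>` offers only 12, 24 and 48, but the server accepts whatever integer arrives, including zero or negative values. If range checking is not part of the puzzle, add `if quantity not in (12, 24, 48):` after the conversion and fall through to the form; if it is, say so in a comment. `product = fields['product'].value` is assigned but never read and can be removed, and `fields.has_key(...)` is better written as `'quantity' in fields`. The challenge 4 script repeats this block unchanged.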
@ -0,0 +1 @@
|
|||
BRrHdtdADI
|
|
@ -0,0 +1,76 @@
|
|||
#!/usr/bin/python
|
||||
|
||||
import os
|
||||
import cgi
|
||||
import cgitb
|
||||
cgitb.enable(context=10)
|
||||
|
||||
if os.environ.has_key('QUERY_STRING'):
|
||||
os.environ['QUERY_STRING'] = ''
|
||||
|
||||
fields = cgi.FieldStorage()
|
||||
|
||||
print 'Content-Type: text/html'
|
||||
print ''
|
||||
|
||||
print '''
|
||||
<html>
|
||||
<head>
|
||||
<title>4</title>
|
||||
<link rel="stylesheet" type="text/css" href="../ctf.css" media="all" />
|
||||
</head>
|
||||
<body>
|
||||
<div id="wrapper">
|
||||
<div id="content">
|
||||
<h1>Web Application Challenge 4</h1>
|
||||
<p>Through some manipulation or interpretation of this CGI script
|
||||
and the HTML page(s) that it generates, a 10 character key can be
|
||||
found.</p>
|
||||
<p><strong>Find the key!</strong></p>
|
||||
|
||||
<div class="vertsep"></div>
|
||||
'''
|
||||
|
||||
PRODUCT_NAME = "Unidentifiable garbage"
|
||||
|
||||
def purchase_success(quantity):
|
||||
print '''
|
||||
<p>Congratulations, your order for %d "%s" has been placed.</p>
|
||||
''' % (quantity, PRODUCT_NAME)
|
||||
|
||||
# key = 765JBo4B54
|
||||
if fields.has_key('quantity') and fields.has_key('product') and fields['product'].value == PRODUCT_NAME:
|
||||
product = fields['product'].value
|
||||
quantity = int(fields['quantity'].value)
|
||||
|
||||
purchase_success(quantity)
|
||||
else:
|
||||
print '''
|
||||
|
||||
<h2>SALE: %s</h2>
|
||||
<p>Use the order form below to place an order.</p>
|
||||
|
||||
<form method="post" action="4.py">
|
||||
How many would you like?
|
||||
<select name="quantity">
|
||||
<option value="12">12</option>
|
||||
<option value="24">24</option>
|
||||
<option value="48">48</option>
|
||||
</select>
|
||||
<br /><br />
|
||||
<input type="submit" value="Order!" />
|
||||
<input type="hidden" name="product" value="%s" />
|
||||
</form>
|
||||
''' % (PRODUCT_NAME, PRODUCT_NAME)
|
||||
|
||||
print '''
|
||||
|
||||
</div>
|
||||
<div id="footer">
|
||||
<p>Copyright © 2009 LANS, LLC.</p>
|
||||
</div>
|
||||
</div>
|
||||
</body>
|
||||
</html>
|
||||
'''
|
||||
|
|
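Review bot: The block `if os.environ.has_key('QUERY_STRING'): os.environ['QUERY_STRING'] = ''` runs before `cgi.FieldStorage()` with no explanation, and it is the only behavioural difference from the challenge 3 script. Presumably it discards URL parameters so that only the POST body is parsed; a comment like `# Blank the query string so FieldStorage ignores GET parameters; orders must arrive via POST` would record that. Note that this is not a method check: the script never looks at `REQUEST_METHOD`, so the intent is enforced only as a side effect. `purchase_success` and the page header and footer are copied verbatim from the challenge 3 script and could come from one shared module.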
@ -0,0 +1 @@
|
|||
765JBo4B54
|
Binary file not shown.
After Width: | Height: | Size: 626 B |
|
@ -0,0 +1,54 @@
|
|||
html,body {
|
||||
height: 100%;
|
||||
min-height: 100%;
|
||||
background-color: #000000;
|
||||
background-image: url("binary.png");
|
||||
background-repeat: repeat-x repeat-y;
|
||||
margin: 0;
|
||||
padding: 0;
|
||||
}
|
||||
|
||||
#wrapper {
|
||||
min-height: 100%;
|
||||
height: 100%;
|
||||
width: 800px;
|
||||
margin: 0 auto;
|
||||
border-left: 2px solid #009900;
|
||||
border-right: 2px solid #009900;
|
||||
font: .9em monospace;
|
||||
color: #009900;
|
||||
padding: 0;
|
||||
background: #000;
|
||||
}
|
||||
|
||||
#content {
|
||||
padding: 2em 1.5em 2em 1.5em;
|
||||
}
|
||||
|
||||
#footer {
|
||||
padding: 0;
|
||||
margin: 0;
|
||||
height: 2em;
|
||||
line-height: 2em;
|
||||
width: 800px;
|
||||
text-align: center;
|
||||
}
|
||||
|
||||
input {
|
||||
background-color: #222;
|
||||
color: #fff;
|
||||
border: 1px solid #009900;
|
||||
padding: 1px 2px 1px 2px;
|
||||
}
|
||||
|
||||
h1,h2,h3,h4 {
|
||||
padding-bottom: 5px;
|
||||
}
|
||||
|
||||
.vertsep {
|
||||
width: 100%;
|
||||
height: 1px;
|
||||
padding: 0;
|
||||
margin: 2em auto 2em auto;
|
||||
border-bottom: 1px dotted #222;
|
||||
}
|
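Review bot: `background-repeat: repeat-x repeat-y;` in the `html,body` rule is not a valid value, because the two-value form takes `repeat`, `space`, `round` or `no-repeat` per axis rather than `repeat-x`/`repeat-y`. Browsers drop the declaration and fall back to the initial `repeat`, so the background tiles as intended only by accident. `background-repeat: repeat;` states it directly.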