DEVHIDE
Login Or Sign up

How can I send a specific request body to an end point (CTF Web)

49 Views Asked by At

I have this ctf problem that gives me a site that randomly gives me a motivational quote each time I reload page, I also got this php file attached to it.

<?php

function random(int $length = 60): string
{
    $characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
    $randomString = '';

    for ($i = 0; $i < $length; $i++) {
        $randomString .= $characters[rand(0, strlen($characters) - 1)];
    }

    return $randomString;
}

function getQuote(): string
{
    $quotes = [
        "The only way to do great work is to love what you do.",
        "In three words I can sum up everything I've learned about life: it goes on.",
        "Success is not final, failure is not fatal: It is the courage to continue that counts.",
        "The best way to predict the future is to create it.",
        "Life is what happens when you're busy making other plans",
        "Do not wait to strike till the iron is hot, but make it hot by striking.",
        "Believe you can and you're halfway there.",
        "The only limit to our realization of tomorrow will be our doubts of today.",
        "The purpose of our lives is to be happy",
        "You miss 100% of the shots you don't take",
    ];

    $request_body = json_decode(file_get_contents('php://input'), true);

    if (isset($request_body['__']) && $request_body['__'] == hash('sha256', random() . time())) {
        return 'FLAG{fake-flag}';
    }

    return $quotes[rand(0, 9)];
}

getQuote();

I figured I need to send a specific Request Body containing the hash with provided method along the '__', I tried that with this python code:

import requests
import hashlib
import random
import time
import json


def randi(length=60):
    characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'
    random_string = ''.join(random.choice(characters) for _ in range(length))
    return random_string


def hash():
    random_value = randi()
    timestamp = str(int(time.time()))
    data_to_hash = random_value + timestamp

    sha256_hash = hashlib.sha256(data_to_hash.encode()).hexdigest()
    return sha256_hash

def request():
    url = "http://206.189.50.236:1337"
    generated_hash = hash()

    payload = {
        "__": generated_hash
    }

    headers = {
        "Content-Type": "application/json"
    }

    response = requests.post(url, data=json.dumps(payload), headers=headers)
    
    print("Response:")
    print(response.text)

request()

but nothing worked

hash ctf
Original Q&A
1

There are 1 best solutions below

0
hexa On

PHP rand() image PHP rand() image from https://www.random.org/analysis/

As you can see from the image, PHP's rand() function generates a cycling pseudo-random sequence, so you could try observing the return value of return $quotes[rand(0, 9)];, and predicting the output of the random() function.
After that, you could try figuring out what string would pass the condition of hash('sha256', random() . time())) and you'll be able to solve it.

Related Questions in HASH

Related Questions in CTF

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs

Popular Questions

.

Copyright © 2021 Jogjafile Inc.