I hereby claim:
- I am bayotop on github.
- I am bayotop (https://keybase.io/bayotop) on keybase.
- I have a public key whose fingerprint is 38D3 3EC0 5654 05BC 3C76 686F C090 53E7 6BFB A3FD
To claim this, I am signing this object:
I hereby claim:
To claim this, I am signing this object:
<!DOCTYPE html> | |
<head> | |
<title>CSP strict-dynamic + preload link in Chrome</title> | |
<meta http-equiv="Content-Security-Policy" content="script-src 'nonce-123' 'strict-dynamic'" /> | |
</head> | |
<body> | |
<script nonce="123"> | |
var f = document.createElement("link"); | |
f.rel = "preload"; // prefetch works perfectly fine | |
f.href = "/foo.js" |
param( | |
[Parameter(Mandatory=$true)] | |
[string] $Path, | |
[Parameter(Mandatory=$true)] | |
[string] $Wordlist, | |
[array] $Exclude = @("*.jpg","*.png","*.dll","*.exe","*.so","*.o"), | |
[string] $OutputFile = "usages.csv" | |
) | |
function Prepare-OutputFile($OutputFile) { |
string secret = "\ud8ab"; | |
string secret2 = "\ud8cd"; | |
if (!secret.Equals(secret2)) | |
{ | |
Console.Out.WriteLine("The strings are not equal."); | |
} | |
computeSignature(secret, "timestamp", "payload"); // returns 1eba7aac5f10ee7aa985722256aa4125e8e59fe256386c8ab10295063d986e57 | |
computeSignature(secret2, "timestamp", "payload"); // returns 1eba7aac5f10ee7aa985722256aa4125e8e59fe256386c8ab10295063d986e57 |
Description
https://www.hackerone.com/blog/hack-your-way-to-nyc-this-december-for-h1-212
How I found the flag
I ran an obligatory port scan, checked the IP using shodan.io, and did some basic directory discovery.
I found two open ports - 22 and 80 - and one directory /flag
with a message from the creators.
As this wasn't really helpful, I tried to enumerate vhosts and found one resulting in a different response: admin.acme.org.