Skip to content

Instantly share code, notes, and snippets.

@senges

senges/The flag grabber.md

Created December 22, 2018 10:06
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save senges/fff74d02b3ec46ef4e72c4862bdd29f2 to your computer and use it in GitHub Desktop.
Save senges/fff74d02b3ec46ef4e72c4862bdd29f2 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
The flag grabber.md

The flag grabber

Quand on se rend sur le site du challenge, un bouton se place sous le curseur. Au clic, un pop-up apparait avec le message :

Nice try ! ;)

On regarde donc le code source de la page Ctrl+u On remarque un formulaire :

<form method="POST" id="formulaire"> 
	<input type="submit" value="I want my flag !" name="button"> 
</form>

On enssaye de l'envoyer :

curl -X POST --data "button=I want my flag !" https://the-flag-grabber.santhacklaus.xyz/

Et c'est flag

<p> Well done ! Here is your flag !</p>
IMTLD{J4v4scRipT_iS_W0nD3rFuL}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment