DamCTF: write-up
DamCTF is a Capture the Flag competition hosted by the Oregon State University Security Club (OSUSEC). The competition is designed for college teams, but all are welcome to play.
Let’s see how I solved some of the challenges
web/finger-warmup (beginner)
So let’s open the given link.
So initially I thought let me click on the link and see what happens.
So I was redirected to a new link but the content of the webpage was the same as the previous just at the end of the URL one new string was added.
String the was added at end of the URL: “un5vmavt8u5t5op1u94h”
So I thought let me click one more time,
So I was redirected to a new page.
So now I know we need to recursively click on the link to get the flag.
Let’s create one python script that will do this task. like we can not click again and again because it’s really annoying task.
You can find code by click on this link: Visit Code.
import requests
from bs4 import BeautifulSoupdef recursiveUrl(url, link):
print(link['href'])
page = requests.get(url + link['href'])
soup = BeautifulSoup(page.text, 'html.parser')
newlink = soup.find('a')
if len(newlink) == 0:
return link
else:
return link, recursiveUrl(url, newlink)def getLinks(url):
page = requests.get(url)
soup = BeautifulSoup(page.text, 'html.parser')
links = soup.find_all('a')
for link in links:
links.append(recursiveUrl(url, link))
return linkslinks = getLinks("https://finger-warmup.chals.damctf.xyz/")
print(links)
What this script does is :
- It will first go to the specified URL.
- It parses the HTML code of that website.
- Now it tries to find all “a href” tags present on the webpage.
- Then it will try to open the webpage one by one. (recursiveUrl)
- This process continues until there is no link to visit.
So what I did is I just run this script via command prompt and saved output in abc.txt file like this,
Let’s see the abc.txt file.
Let’s visit the last link.
Flag : dam{I_hope_you_did_this_manually}
