Beginner ducks
Description
Hiiiii, welcome to ASIS CTF. We have ducks. Check them out here.

Note for beginners: If you haven't played CTF before, this video might help you to understand what you have to do.
Download source-code from [here](https://asisctf.com/tasks/beginner-duck_e07a773303522f0ef1b15cc345cf2c9885132daf.txz).
Steps
Upon opening the website and the source code we can see that the server:

- takes a GET argument `what` at the route `/duck`
- checks that the `what` argument does not contain anything other than text or an escaped `.`
- then runs `eval` on the argument and uses the return value of the `eval` as the file name to open and read from

We can also see that the flag is read into the variable `flag` before the app is served.
Solution
By debugging the code we notice that the variable `f` (the file object used to read the flag) is not cleared and is still stored in the program's global variables. With this we can send a GET request to the server with the argument `f.name`: it passes the character check, `eval` turns it into the path of the flag file, and the server opens and returns that file for us.

```sh
curl http://ducks.asisctf.com:8000/duck\?what\=f.name
```

And we got the flag :D
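Below is an added example (not the challenge's own source, which is only in the download above) that reconstructs the shape of the bug beside a hardened version. The regex, the file names, the flag value and the function names are all assumptions made for the example.

```python
import re
import tempfile
from pathlib import Path

# Constructed sample flag file in a temp dir so the example runs stand-alone
# (the real challenge's flag path and value are not known here).
FLAG_DIR = Path(tempfile.mkdtemp())
FLAG_PATH = FLAG_DIR / "flag.txt"
FLAG_PATH.write_text("ASIS{constructed-sample-flag}")

# Assumed approximation of the challenge's filter: letters and dots only.
ALLOWED = re.compile(r"[A-Za-z.]+")

# --- Vulnerable shape (reconstruction, not the challenge's code) ---
# The flag is read at startup through a file object `f` that is never deleted,
# so it lingers in the module globals where eval() can reach it. Note that
# closing the file does not help: a closed file object still carries .name.
f = open(str(FLAG_PATH))
flag = f.read()
f.close()


def vulnerable_duck(what: str) -> str:
    """Reconstructed vulnerable handler: filter, eval, then open the result."""
    if not ALLOWED.fullmatch(what):
        return "bad duck"
    # The filter bounds the characters, not what eval can reach: "f.name" is
    # letters and a dot, so it passes and resolves against this module's
    # globals to the flag file's path, which is then opened and returned.
    path = eval(what)
    with open(path) as fh:
        return fh.read()


# --- Hardened shape ---
# No eval at all: the parameter is a key into an explicit allowlist of files,
# and the startup read leaves no file object behind in the globals.
DUCKS = {"mallard": FLAG_DIR / "mallard.txt"}
DUCKS["mallard"].write_text("quack")


def load_flag(path: Path) -> str:
    with open(path) as fh:  # fh is function-scoped and closed on exit
        return fh.read()


FLAG = load_flag(FLAG_PATH)


def hardened_duck(what: str) -> str:
    path = DUCKS.get(what)
    return path.read_text() if path is not None else "bad duck"
```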
Flag
ASIS{run-away-ducks-are-coming-🦆🦆}