⚡
Blog
  • 💲cat ~/README.md
  • CTF
    • GCTF 2023
      • Cryptography
        • Layers of Bases
      • Miscellaneous
        • Master Hidden Within The Slides
      • Pwn
        • Level 1
        • Level 2
        • Level 3
        • Level 4
      • Web
        • Include
    • KnightCTF 2023
      • Networking
      • Miscellaneous
      • Cryptography
        • Factorie
        • Xorathrust
    • Siber Siaga 2023 CTF
  • CAMP
    • Global Cybersecurity Camp 2023
    • Malaysia Cybersecurity Camp 2022
  • CONFERENCE
    • Brewing...
  • WRITE-UP
    • TryHackMe - Attacktive Directory Write-up
Powered by GitBook
On this page
  • Challenge details
  • Solution
  • Flag

Was this helpful?

  1. CTF
  2. GCTF 2023
  3. Pwn

Level 4

PreviousLevel 3NextWeb

Last updated 1 year ago

Was this helpful?

Challenge details

Solution

Below shows the source code of the challenge. We can see that len(inp)>13 code was used, telling us that any input that contains more that 13 characters are prohibited. So our objective for this challenge is pretty clear, we'll need some short payloads.

The first thing that came into my mind was breakpoint(). But it turned out that this is not working. Again, I was randomly inputting some codes to the server.

More trial and error were done. Like for real, I was just brute forcing any short codes :)

Ended up consulting an old friend of mind once again, Google. If you remember, I clicked on the first link for the previous challenge. Now, let's go with the second link.

Sweet! Found something interesting. The input() function is being wrapped in eval() function. The best part? It contains only 13 characters.

The payload was slightly modified so that it matches our flag location. Voila, flag!

Flag

GCTF2023{L3v31_f0ur_K33p_g0inggggg}

description