webProeasy

Вокруг света

bug-makers

Task: Flask app reveals flag parts one per unique visitor IP, tracked via signed session cookie. Solution: rotate requests through free HTTP proxies while replaying the session cookie to accumulate IPs and collect all 9 flag parts.

$ ls tags/ techniques/

flask werkzeug session_cookie proxy ip_tracking

proxy_rotationsession_cookie_replayip_based_access_control_bypass

Analysis

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.

$ python3 exploit.py --target 192.168.1.1 --port 8080
[*] Connecting to target...
[+] Shell obtained!

Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

🔒

Permission denied (requires tier.pro)

Sign in to access full writeups

$sign in

$ grep --similar

Similar writeups

[web][Pro]РоБОТЫ 2— bug-makers
[web][free]Six-Seven— alfactf
[web][Pro]Маскарад (Masquerade)— bug-makers
[web][Pro]Привилегированный гость (Privileged Guest)— hackerlab
[web][Pro]Bug Bounty-code— hackerlab