WPI CTF: πŸ‘‰πŸ˜ŽπŸ‘‰

Apr 18, 2020 β€’ One minute to read

Challenge Description

sunglass-2

πŸ‘ˆπŸ˜ŽπŸ‘ˆZoopπŸ‘‰πŸ˜ŽπŸ‘‰Zoop πŸ‘ˆπŸ˜ŽπŸ‘ˆZoopπŸ‘‰πŸ˜ŽπŸ‘‰Zoop πŸ‘ˆπŸ˜ŽπŸ‘ˆZoopπŸ‘‰πŸ˜ŽπŸ‘‰Zoop πŸ‘ˆπŸ˜ŽπŸ‘ˆZoopπŸ‘‰πŸ˜ŽπŸ‘‰Zoop πŸ‘ˆπŸ˜ŽπŸ‘ˆZoopπŸ‘‰πŸ˜ŽπŸ‘‰Zoop

πŸ‘ˆπŸ˜ŽπŸ‘ˆZoopπŸ‘‰πŸ˜ŽπŸ‘‰Zoop πŸ‘ˆπŸ˜ŽπŸ‘ˆZoopπŸ‘‰πŸ˜ŽπŸ‘‰Zoop πŸ‘ˆπŸ˜ŽπŸ‘ˆZoopπŸ‘‰πŸ˜ŽπŸ‘‰Zoop πŸ‘ˆπŸ˜ŽπŸ‘ˆZoop

http://zoop.wpictf.xyz

made by: ollien

Exploring

So seems it starts with a web page. Let’s take a look first.

page

This looks like a IM, and a friend talks about sending a file from a website http://storage.zoop. Let’s poke around.

When I click on “Attach” button, a dialog shows up. It allows me to input a URL of the storage.zoop website, and I can even preview the file of the URL I input.

attach

The Attach Dialog

Well, let’s try the file mentioned by our friend first.

quarterly_report

Wow. Such anger. So fierce. doge

But I just can’t resist to try again with file name flag.txt in that URL.

And… TADA!

flag

CTFWPICTF2020

WPI CTF: John Cena 🎺🎺🎺🎺

CSEC CTF: Missing

comments powered by Disqus