SEKAI 24 - Funny Lfr

The article explains exploiting a race condition in a Starlette app to bypass os.stat checks, using symlinks, and ultimately retrieving the flag from /proc/self/environ.

August 30, 2024 · 4 min · hxuu

SEKAI 24 - Intruder

Challenge Description: name: Intruder; category: web exploitation; points: 100pts; solves: 89 solves. I just made a book library website! Let me know what you think of it! ...

August 27, 2024 · 9 min · hxuu

IdekCTF 24 - Hello

Challenge Description: name: hello; category: web exploitation; points: 136; ctf-date: Aug 17th, 2024. Just to warm you up for the next Fight :"D ...

August 18, 2024 · 8 min · hxuu

LITCTF24 - Traversed

Challenge Description: name: traversed; category: web; points: 123. I made this website! you can’t see anything else though… right?? URL: http://litctf.org:31778/ Solution: Based on the name of the challenge, I can feel a path traversal vulnerability looming around lol, anyway, let’s check the website: ...

August 13, 2024 · 2 min · hxuu

LITCTF24 - Jwt 2

Challenge Description: name: jwt-2; category: web; points: 117. it's like jwt-1 but this one is harder URL: http://litctf.org:31777/ Solution: The description is very clear: the vulnerability should be in how the signature is handled, but instead of no verification at all, we should expect something harder this time. ...

August 13, 2024 · 4 min · hxuu

LITCTF24 - Jwt 1

Challenge Description: name: jwt-1; category: web; points: 111. I just made a website. Since cookies seem to be a thing of the old days, I updated my authentication! With these modern web technologies, I will never have to deal with sessions again. Come try it out at http://litctf.org:31781/. ...

August 13, 2024 · 2 min · hxuu

LITCTF24 - Anti Inspect

Challenge Description: name: anti-inspect; category: web exploitation; points: 109. can you find the answer? WARNING: do not open the link your computer will not enjoy it much. URL: http://litctf.org:31779/ Hint: If your flag does not work, think about how to style the output of console.log ...

August 13, 2024 · 2 min · hxuu

n00bzCTF - File Sharing Portal

Challenge Description: name: file sharing portal; category: web exploitation; points: 478; author: NoobMaster + NoobHacker. Welcome to the file sharing portal! We only support tar files! ...

August 9, 2024 · 8 min · hxuu