Python & Capture the Flag

10/30/2022:

I love participating in Capture The Flag (CTF) events. When I first became focused on pursuing a career in cybersecurity, I was encouraged by many in the community to compete in the numerous CTFs that are available for all skill levels. What I enjoy most about them, as opposed to standard IT/Security courses, is that the CTF revolves around critical thinking and researching solutions to each challenge. There is no curriculum to reference; it’s all on you!

This recent CTF I participated in presented me with a similar problem I had encountered in a previous event. This Web Challenge problem hosted in a Docker instance is displayed below:

Previously, I tried numerous techniques to solve this problem and receive the flag. First, I tried simply copying and pasting the output into the new URL. That was, of course, to no avail. So next, I tried capturing the GET response and utilizing the repeater function in Burp Suite to speed up my response time. Unfortunately, though I had faith this method would work, it also was not providing me with the flag.

GET Response

Inserting the GET Response into the URL answer format

Failure 🙁

When I saw this problem return in this latest event, I decided to take a different approach and write a program in Python to achieve a solution. My code is displayed below:

#!/bin/python3
# I created this script in order to successfully complete a challenge on a recent CTF I participated in
# MEISTSEC
# 10/2022

import requests

x = requests.get('http://10.10.100.200:40589/number/')

blow = x.content

tango = blow.decode('utf-8')

#print(tango)
r = requests.get(f'http://10.10.100.200:40589/number/?answer={tango}')
print(r.content.decode('utf-8'))

Utilizing the requests module, I can push HTTP requests to the server and harvest the response “string” into a variable I named “blow.” The response produced in the call needs to be more readable, “UTF-8” is used to format the string, and a new variable with the name change “tango” is produced. The script then makes the second GET request with the output of the variable “tango”, and takes it’s response and outputs it into a readable format.

Summary

Utilizing Python is an excellent way to solve security issues. The old me would go down a Google rabbit hole of trying to solve the problem by leveraging a security tool or methodology a competitor has previously utilized. Applying critical thinking, addressing what is happening in the problem, and programming my own solution is a more efficient and rewarding process. Being creative and building solutions aligns with my learning style.

Cheers, Meistsec!