
[IceCTF]Toke – 45pt

Question:

I have a feeling they were pretty high when they made this website...

Solution:

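After opening the site, I found nothing exploitable on the login form, so I registered an account to take a look.

After logging in, the page looks like this: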

[Image: {IceCTF2016}[Web](Stage2)Toke - 45pt]

After some analysis I found that the site sets 2 cookies, namely:

jwt_token:

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJmbGFnIjoiSWNlQ1RGe2pXN190MEszbnNfNFJlX25PX3AxNENFX2ZPUl81M0NyRTdTfSIsInVzZXIiOiJibGFja3RyIn0.iBGoz4McIobEU5y3NHJa5b6AJwsZrdoquA8XmsWnL74

session:

eyJ1c2VyIjoxODgzfQ.CpMTpA.8LVkhNz-nWm8A1tZSXZkEYKL4l8

I first tried base64-decoding their values:

session:

{"user":1883}.[non-printable bytes]

jwt_token:

{"alg":"HS256","typ":"JWT"}.{"flag":"IceCTF{jW7_t0K3ns_4Re_nO_p14CE_fOR_53CrE7S}","user":"blacktr"}.[non-printable bytes]

And with that the answer came out. Very simple.
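The decoding step above, as an added example that is not part of the original write-up: it splits the two cookies from this page on `.`, restores the base64url padding that JWTs omit, and reads the JSON without any key, which is why a signed token gives integrity but no confidentiality. The function names and the `SENSITIVE_HINTS` claim-name list are assumptions made for illustration.

```python
import base64
import json

# Cookie values copied from the write-up above.
JWT_TOKEN = (
    "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9."
    "eyJmbGFnIjoiSWNlQ1RGe2pXN190MEszbnNfNFJlX25PX3AxNENFX2ZPUl81M0NyRTdTfSIs"
    "InVzZXIiOiJibGFja3RyIn0."
    "iBGoz4McIobEU5y3NHJa5b6AJwsZrdoquA8XmsWnL74"
)
SESSION = "eyJ1c2VyIjoxODgzfQ.CpMTpA.8LVkhNz-nWm8A1tZSXZkEYKL4l8"

# Hypothetical heuristic: claim names that suggest a secret was put in the token.
SENSITIVE_HINTS = ("flag", "secret", "password", "key")


def b64url_decode(segment: str) -> bytes:
    """Decode base64url text whose '=' padding was stripped (as JWTs do)."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_jwt_unverified(token: str):
    """Return (header, payload, signature_bytes) without checking the signature.

    No key is needed: header and payload are only encoded, not encrypted.
    """
    header_b64, payload_b64, signature_b64 = token.split(".")
    header = json.loads(b64url_decode(header_b64))
    payload = json.loads(b64url_decode(payload_b64))
    return header, payload, b64url_decode(signature_b64)


def readable_session_payload(cookie: str) -> dict:
    """Decode the first dot-separated segment of the session cookie as JSON."""
    return json.loads(b64url_decode(cookie.split(".")[0]))


def exposed_claims(payload: dict) -> list:
    """List claim names that look like secrets any token holder can read."""
    return [k for k in payload if any(h in k.lower() for h in SENSITIVE_HINTS)]


if __name__ == "__main__":
    header, payload, signature = decode_jwt_unverified(JWT_TOKEN)
    print("header :", header)
    print("payload:", payload)
    print("signature length:", len(signature), "bytes")
    print("claims to move server-side:", exposed_claims(payload))
    print("session:", readable_session_payload(SESSION))
```

Run against tokens your own application issues, a non-empty result from `exposed_claims` is a sign that the value belongs in server-side state keyed by the user, not in the cookie.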
