Twisty Python (Fixed)

Description

Our development team has worked tirelessly to ensure that your experience is not only entertaining but also secure. We are convinced that now no vulnerability will be able to compromise your data.

Note: Due to the way Burp Suite handles responses, it might be wise to directly use sockets for this challenge. Additionally, because of the configuration of the remote infrastructure, only use a single IP address for output, otherwise your exploitation may not work.

Files

docker-compose.yml
twisty-python.tar.xz
4.56 KiB – 096dcc0f0337ca0e6493b74fe3718044193df729fa121c2b9b512345e6334b46

Author

Mizu

Challenge Instructions

First, download docker-compose.yml:
curl https://hackropole.fr/challenges/fcsc2024-web-twisty-python/docker-compose.public.yml -o docker-compose.yml
Launch the challenge by executing in the same folder:
docker compose up
Access the challenge at http://localhost:8000/.

⚠️ Important: You must solve the challenge by interacting with the Docker container through the exposed network port. Any other way is not considered valid.

In case you encounter problems, please consult the FAQ.

Flag

You don't have JavaScript actived. No problem! You can check your flag like this: echo -n 'PUT_THE_FLAG_HERE' | sha256sum # possible output: 76afd46af01a655cec33a6c8411b76d68394d867b979ac2f208a2bb9dfab7147

Writeups

I've been looking for a long time and I still can't find the flag!

You can vote for the solutions you prefer by using the on their respective pages.

Date	Author	Language	Tags	Vote
2024-04-15	_worty	🇬🇧