misc Writeup
Unintended solution: answer leak in file name.
Challenge Description
Accessing the URL given by the challenge, we are greeted with a fingerprint and are prompted to determine if it’s a male or female fingerprint.
Solution
The intended solution was to train a model to classify fingerprints. However, if you right-click the image and open it in a new tab, the browser downloads a file whose name contains the gender the fingerprint belongs to.
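The same leak seen from the server side, as an added example that is not the challenge's code: the "before" handler puts the stored dataset file name into `Content-Disposition`, the "after" handler sends a keyed hash instead, and `leaks_label` is a check that can run before release. The function names, the secret handling and the sample file names are assumptions made for illustration; only the fact that the label is a `_`-separated field of the name comes from this writeup.

```python
import hashlib
import hmac
import os
from email.message import Message

# Assumption: a per-deployment secret; generated here so the example runs offline.
SECRET = os.urandom(32)

def leaky_disposition(stored_name: str) -> str:
    """'Before': the dataset file name, label included, is sent to the client."""
    return f'attachment; filename="{stored_name}"'

def opaque_disposition(stored_name: str, secret: bytes = SECRET) -> str:
    """'After': the client only sees a keyed hash of the stored name."""
    token = hmac.new(secret, stored_name.encode(), hashlib.sha256).hexdigest()[:16]
    ext = os.path.splitext(stored_name)[1].lower()
    return f'attachment; filename="{token}{ext}"'

def filename_from(header: str) -> str:
    """Extract the filename parameter from a Content-Disposition value."""
    msg = Message()
    msg["Content-Disposition"] = header
    return msg.get_filename() or ""

def leaks_label(header: str, labels=("M", "F")) -> bool:
    """True if any '_'-separated field of the served name is a class label."""
    stem = os.path.splitext(filename_from(header))[0]
    return any(field in labels for field in stem.split("_"))

if __name__ == "__main__":
    # Constructed sample names; the real dataset naming is not shown on this page.
    for name in ("0001_7_M_left.bmp", "0002_3_F_right.bmp"):
        before, after = leaky_disposition(name), opaque_disposition(name)
        print(f"{before!r:45} leaks={leaks_label(before)}")
        print(f"{after!r:45} leaks={leaks_label(after)}")
```

Because the token is an HMAC rather than a plain hash, a player who guesses the dataset's naming scheme still cannot recompute the served names to recover labels.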
Automation Script
To automate the process, I coded a simple Python script to go through the 90 fingerprints by downloading the image and extracting the file name. The flag will be printed at the end.
```python
import requests
from selenium import webdriver
from selenium.webdriver.common.by import By
from selenium.webdriver.chrome.service import Service
from selenium.webdriver.support.ui import Select
from webdriver_manager.chrome import ChromeDriverManager

# Set up the WebDriver
options = webdriver.ChromeOptions()
options.add_argument('--headless')  # Run in headless mode if you don't need a GUI
driver = webdriver.Chrome(service=Service(ChromeDriverManager().install()), options=options)

url = "http://34.107.71.117:30921/"
driver.get(url)

for i in range(0, 90):
    # Locate the fingerprint image shown for the current round
    image = driver.find_element(By.TAG_NAME, 'img')
    src = image.get_attribute('src')

    # Reuse the browser's session cookie so the server returns the same image
    headers = {
        'Cookie': f'user_challenges={driver.get_cookie("user_challenges")["value"]}'
    }
    response = requests.get(src, headers=headers, stream=True)

    # The download file name in Content-Disposition carries the label
    content_disposition = response.headers['Content-Disposition']
    file_name = content_disposition.split('filename=')[-1].strip('"')

    # The third '_'-separated field of the file name is the gender
    if file_name.split('_')[2] == 'M':
        choice = 'M'
    else:
        choice = 'F'

    # Submit the answer for this fingerprint
    select = Select(driver.find_element(By.ID, 'label'))
    select.select_by_value(choice)
    driver.find_element(By.XPATH, '//form').submit()

# After the last round, the page contains the flag
print(driver.page_source)

# Close the WebDriver session
driver.quit()
```
Flag
CTF{97c87b18d5fd447d1e180aeee8e474e74ac950cd567489cf51004cf12ead8fae}
This post is licensed under CC BY 4.0 by the author.