A disturbing lack of taste. Just another WordPress site


Boston Key Party CTF 2014 – Web200 Writeup

The task gave a us a link to a site containng some javascript base64 stuff and jquery ones. A broken image is displayed and once you click on it the browser will make an AJAX request to /rpc(base64_encoded_stuff) . Now decoding the part of the request after '/rpc' it pointed out that it is a number that will be sum'ed with '5' by the server after. After a bit of testing we found out that we are dealing with the functional programming language Scheme (as hinted by the title of the chall) by submitting special chars like '#' and googlin the errors that popped out. After reading the reference and the manual we tryed some code like:

( print "hi") or (* 8 8)

and they worked. So we can now take the flag just by opening the 'key' file:

( (call-with-input-file "./key"
(lambda (input-port)
(let loop ((x (read-char input-port)))
(if (not (eof-object? x))
(display x)
(loop (read-char input-port))))))))



Comments (1) Trackbacks (0)
  1. Hi very nice write-up, my team failed to use the ajax method so we solved it by using php :


Leave a comment

No trackbacks yet.