I did not get much time to play this CTF but within the time frame, CoinGame was one of the challenges which I was able to solve. This challenge had comparatively lesser solves than other web challenges but was easy.
Challenge link :
So about this challenge, we get a welcome page wherein it is written
and a textbox wherein we can give url’s (hopefully).
The source code revealed nothing. But after giving
google.com in the textbox, we were able to notice a particular request being set and showing us a page with response status
302. The URL was perfect enough to understand what it was, LFI.
The very next step was to see what is inside
http://coingame.challs.malice.fr/curl.php?way=../../../etc/passwd reveals nothing but,
http://coingame.challs.malice.fr/curl.php?way=file:///etc/passwd gave us the list of every registered user that has access to that system.
Since the file names were there, I quickly tried to see if the files that exist in the challenge server are the same. I then gave in
http://coingame.challs.malice.fr/curl.php?way=file:///home/CoinGame/Bonus.py which gave me the
I assumed that all the other challenge file names would be the same and we have to only find the files which are altered by the admin of the challenge. I was quickly going through the files in the github repo and found that there were a lot of files and manually fetching would be cumbersome.
So with the help of my team mate,
dnvira, we got a script which would actually wget the entire files and subdirectories.
Comparing the hashes of the cloned repo and the one we got from the challenge server gave us a few files being differentiate from others. I was going through a few of them and apparently a few images in
gameAnimationImages had flag written at the bottom end.
There were two places wherein I was stuck. One was using
tftp which would have been a way to proceed further and the next one, fetching all the files. Apparently the former one was where I was stuck for long time.
Reach me out on Twitter.
Enjoy Reading This Article?
Here are some more articles you might like to read next: