writeups/2024-n00bz-ctf/ #2
Description
2024 n00bzCTF - deciphr
Challenges Passwordless Passwordless Tired of storing passwords? No worries! This super secure website is passwordless!
For this challenge, we had to exploit a program weakness.
app.py
#!/usr/bin/env python3 from flask import Flask, request, redirect, render_template, render_template_string import subprocess import urllib import uuid global leet app = Flask(name) flag = open('/flag.txt').read() leet=uuid.UUID('13371337-1337-1337-1337-133713371337') @app.route('/',methods=['GET','POST']) def main(): global username if request.method == 'GET': return render_template('index.html') elif request.method == 'POST': username = request.values['username'] if username == 'admin123': return 'Stop trying to act like you are the admin!