Challenge 1:
https://jiaozi-restaurants.com/booking-form?
venue=shanghai&seedID=0:0:0:0&name=a&date=a
Put that in the url.
Do the captcha of 2222.
You can type “a” for name and date.
Do the captcha 5 times and you get the flag,
FLag: oT1MmYXaRpYec6ETl4F3
Challenge 2:
Pretty sure I didn't do this as intended.
I just held down enter until it errored out, saying welcome<unintialized>.
Tried typing random things, turns out just "flag" retrieves the flag.
FLAG: ZhSX9onhPC7y1LTqhE
Challenge 3:
Flag: mVFpxbUcM8CBb37fmr
Challenge 4:
Flag: 6pas0apcxasd7aswzzsapzla
Challenge 5:
Flag: 4UPzOlkhlUBvY8bHikd
Challenge 6:
Got the scrambled version with Cyberchef strings:
.r4n.dOm.d4t.4is.fun.444.all.
r4n.dOm.d4t.4is.fun.444.all
r4ndOm_d4t4_is_fun_444_all
r4ndOmd4t4isfun444all
randOmdataisfun4all
Flag: r4nd4tfunall4is444dOm
Challenge 7:
eb 3e 58 89 c1 bb 00 00 00 00 ba 53 00 00 00 31 c0 8a 04 19
, 53 51 50 89 e1 b8 04 00 00 00 bb 01 00 00 00 52 ba 01 00 00
00 cd 80 5a 59 59 5b 43 43 4a 75 db b8 01 00 00 00 bb 00 00
00 00 cd 80 e8 bd ff ff ff 73 68 65 6c 6c 63 6f 64 65 5f 69
73 5f 64 61 74 61 5f 64 61 74 61 5f 69 73 5f 73 68 65 6c 6c
63 6f 64 65
Hex: shellcode_is_data_data_is_shellcode
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>
const char shellcode[] = "\xeb\x3e\x58\x89\xc1\xbb\x00\x00\x00\x00\xba\
x53\x00\x00\x00\x31\xc0\x8a\x04\x19\x53\x51\x50\x89\xe1\xb8\x04\x00\
x00\x00\xbb\x01\x00\x00\x00\x52\xba\x01\x00\x00\x00\xcd\x80\x5a\x59\
x59\x5b\x43\x43\x4a\x75\xdb\xb8\x01\x00\x00\x00\xbb\x00\x00\x00\x00\
xcd\x80\xe8\xbd\xff\xff\xff\x73\x68\x65\x6c\x6c\x63\x6f\x64\x65\x5f\x69\
x73\x5f\x64\x61\x74\x61\x5f\x64\x61\x74\x61\x5f\x69\x73\x5f\x73\x68\x65\
x6c\x6c\x63\x6f\x64\x65";
int main(int argc, char **argv) {
long page_size = sysconf(_SC_PAGESIZE);
void *page_start = (void *) ((long) shellcode & -page_size);
if (mprotect(page_start, page_size * 2, PROT_READ | PROT_EXEC)) {
perror("mprotect");
} else {
(*(void(*)())shellcode)();
}
}
sudo gcc -m32 -fno-stack-protector -z execstack shell.c -o shell
https://jiaozi-restaurants.com/booking-form?
venue=shanghai&seedID=0:0:0:0&name=a&date=a
Put that in the url.
Do the captcha of 2222.
You can type “a” for name and date.
Do the captcha 5 times and you get the flag,
FLag: oT1MmYXaRpYec6ETl4F3
Challenge 2:
Pretty sure I didn't do this as intended.
I just held down enter until it errored out, saying welcome<unintialized>.
Tried typing random things, turns out just "flag" retrieves the flag.
FLAG: ZhSX9onhPC7y1LTqhE
Challenge 3:
Flag: mVFpxbUcM8CBb37fmr
Challenge 4:
Flag: 6pas0apcxasd7aswzzsapzla
Challenge 5:
Flag: 4UPzOlkhlUBvY8bHikd
Challenge 6:
Got the scrambled version with Cyberchef strings:
.r4n.dOm.d4t.4is.fun.444.all.
r4n.dOm.d4t.4is.fun.444.all
r4ndOm_d4t4_is_fun_444_all
r4ndOmd4t4isfun444all
randOmdataisfun4all
Flag: r4nd4tfunall4is444dOm
Challenge 7:
eb 3e 58 89 c1 bb 00 00 00 00 ba 53 00 00 00 31 c0 8a 04 19
, 53 51 50 89 e1 b8 04 00 00 00 bb 01 00 00 00 52 ba 01 00 00
00 cd 80 5a 59 59 5b 43 43 4a 75 db b8 01 00 00 00 bb 00 00
00 00 cd 80 e8 bd ff ff ff 73 68 65 6c 6c 63 6f 64 65 5f 69
73 5f 64 61 74 61 5f 64 61 74 61 5f 69 73 5f 73 68 65 6c 6c
63 6f 64 65
Hex: shellcode_is_data_data_is_shellcode
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>
const char shellcode[] = "\xeb\x3e\x58\x89\xc1\xbb\x00\x00\x00\x00\xba\
x53\x00\x00\x00\x31\xc0\x8a\x04\x19\x53\x51\x50\x89\xe1\xb8\x04\x00\
x00\x00\xbb\x01\x00\x00\x00\x52\xba\x01\x00\x00\x00\xcd\x80\x5a\x59\
x59\x5b\x43\x43\x4a\x75\xdb\xb8\x01\x00\x00\x00\xbb\x00\x00\x00\x00\
xcd\x80\xe8\xbd\xff\xff\xff\x73\x68\x65\x6c\x6c\x63\x6f\x64\x65\x5f\x69\
x73\x5f\x64\x61\x74\x61\x5f\x64\x61\x74\x61\x5f\x69\x73\x5f\x73\x68\x65\
x6c\x6c\x63\x6f\x64\x65";
int main(int argc, char **argv) {
long page_size = sysconf(_SC_PAGESIZE);
void *page_start = (void *) ((long) shellcode & -page_size);
if (mprotect(page_start, page_size * 2, PROT_READ | PROT_EXEC)) {
perror("mprotect");
} else {
(*(void(*)())shellcode)();
}
}
sudo gcc -m32 -fno-stack-protector -z execstack shell.c -o shell
