一直自动跳转/die/页面,抓包查看
看到有个/chase/,进去看一下
发现/leftt/
/static/js/door.js
最后来到static/js/fight.js
// Run to scramble original flag
//console.log(scramble(flag, action));
function scramble(flag, key) {
for (var i = 0; i < key.length; i++) {
let n = key.charCodeAt(i) % flag.length;
let temp = flag[i];
flag[i] = flag[n];
flag[n] = temp;
}
return flag;
}
function check_action() {
var action = document.getElementById("action").value;
var flag = ["{hey", "_boy", "aaaa", "s_im", "ck!}", "_baa", "aaaa", "pctf"];
// TODO: unscramble function
}
flag顺序被打乱了,组合一下
#coding:utf-8
from itertools import permutations
flag = ["{hey", "_boy", "aaaa", "s_im", "ck!}", "_baa", "aaaa", "pctf"]
item = permutations(flag)
for i in item:
k = ‘‘.join(list(i))
if k.startswith(‘pctf{hey_boys‘) and k[-1] == ‘}‘:
print(k)
最后flagpctf{hey_boys_im_baaaaaaaaaack!}