[Geeks Challenge 2019] Havefun (Let's Pet the Cat) CTF reproduction

Foreword

This is a very simple, basic CTF challenge. It has been a long time since I ran into one this easy; it gave me hope in life and made the future look bright.
Challenge link: https://buuoj.cn/challenges#[%E6%9E%81%E5%AE%A2%E5%A4%A7%E6%8C%91%E6%88%98%202019]Havefun
(on https://buuoj.cn, in the Web category: [Geeks Challenge 2019] Havefun)

Reproduction

  • Testing the waters
    Opening the challenge link shows only a static page, with nothing on it that can even be clicked.

  • A sharp eye
    Apart from a cute fat cat, the page has nothing else on it, which makes the challenge feel less simple than it looks. Isn't CTF supposed to be a brain-burner?
    Let's probe further: right-click and view the page source to see whether there are any hints or information leaks.
  • Baffled
    The last few lines of the source contain a suspicious comment:
        <!--
        $cat=$_GET['cat'];
        echo $cat;
        if($cat=='dog'){
            echo 'Syc{cat_cat_cat_cat}';
        }
        -->

This is PHP code: it reads a GET parameter cat and echoes its value directly; if the value of cat is dog, it also outputs Syc{cat_cat_cat_cat}. At first I thought Syc{cat_cat_cat_cat} was the flag, but submitting it failed. Its format looks very much like a flag, though, so even if it is not the flag it may be related to it in some way. We tried passing cat with the value dog ( http://d776180d-4960-4eca-8b2a-e87c5f2f3d71.node3.buuoj.cn/?cat=dog ).
The result was not Syc{cat_cat_cat_cat} but the real flag, which left me baffled as well.
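
The commented-out PHP above is an information leak: server-side logic shipped to every visitor inside an HTML comment. As an added example (not part of the original post), this Python check extracts the comments from a page and flags those that look like server-side code; the marker patterns and the sample page are constructed assumptions.

```python
import re
from html.parser import HTMLParser

# Heuristic markers of server-side code (assumed for this example, not exhaustive).
CODE_MARKERS = {
    "php_superglobal": re.compile(r"\$_(GET|POST|REQUEST|COOKIE|SERVER|SESSION)\b"),
    "php_variable_assignment": re.compile(r"\$[A-Za-z_]\w*\s*="),
    "output_statement": re.compile(r"\b(echo|print)\s*[($'\"]"),
    "conditional": re.compile(r"\bif\s*\(.*\)\s*\{"),
}

class CommentCollector(HTMLParser):
    """Collects every HTML comment with the line number where it starts."""
    def __init__(self):
        super().__init__()
        self.comments = []

    def handle_comment(self, data):
        self.comments.append((self.getpos()[0], data))

def find_leaky_comments(html):
    """Return [(line, [marker names])] for comments that look like code."""
    collector = CommentCollector()
    collector.feed(html)
    collector.close()
    findings = []
    for line, text in collector.comments:
        hits = sorted(name for name, rx in CODE_MARKERS.items() if rx.search(text))
        if hits:
            findings.append((line, hits))
    return findings

# Constructed sample page modelled on the comment shown in this write-up.
SAMPLE_PAGE = """<body>
<!-- navigation -->
<img src="cat.png">
<!--
$cat=$_GET['cat'];
echo $cat;
if($cat=='dog'){
    echo 'Syc{cat_cat_cat_cat}';
}
-->
</body>"""

if __name__ == "__main__":
    for line, hits in find_leaky_comments(SAMPLE_PAGE):
        print(f"line {line}: comment looks like server-side code ({', '.join(hits)})")
```

Run over rendered pages before deployment, a check like this catches leftover debug or source comments; the harmless "navigation" comment in the sample is not flagged.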

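Summary

Perhaps the challenge author just wanted to test the "clever" people, deliberately writing a fake flag to lead them astray. In CTF competitions we should probe more, and not miss the surprise the author has left for us just to save a little time.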

Origin www.cnblogs.com/g0udan/p/12236961.html