🍪 - AlpacaHack

Show TagsShow Solved

Rows:

CHALLENGE	AUTHORS	SOLVES (CURRENT)	SOLVE RATE (AT CONTEST TIME)
Welcome Misc	admin	1462 solves	-
AlpacaHack 2100 Misc Daily AlpacaHack	admin	1356 solves	-
a fact of CTF Crypto Daily AlpacaHack	xornet	774 solves	-
Simple Login Web AlpacaHack Round 2 (Web)	ark	588 solves	Top 28% = 84/300 users
Emojify Web Daily AlpacaHack	ark	529 solves	-
Leaked Flag Checker Rev Daily AlpacaHack	minaminao	507 solves	-
simpleoverflow Pwn Daily AlpacaHack	n01e0	455 solves	-
hit-and-miss Misc Daily AlpacaHack	ark	352 solves	-
super-tomato Crypto Daily AlpacaHack	kanon	347 solves	-
echo Pwn AlpacaHack Round 1 (Pwn)	ptr-yudai	345 solves	Top 32% = 56/174 users
Xmas Login Web Daily AlpacaHack	hiikunz	311 solves	-
Fushigi Crawler Web Daily AlpacaHack	minaminao	307 solves	-
Alpaca Bank Web Daily AlpacaHack	hiikunz	304 solves	-
Integer Writer Pwn Daily AlpacaHack	mora	295 solves	-
Read Assembly Rev Daily AlpacaHack	xrekkusu	292 solves	-
size limit Crypto Daily AlpacaHack	jp3bgy	289 solves	-
🐈 Web Daily AlpacaHack	ark	287 solves	-
Encoding Basics Misc Crypto Daily AlpacaHack	kurenaif	287 solves	-
108 Misc Daily AlpacaHack	admin	269 solves	-
Treasure Hunt Web AlpacaHack Round 7 (Web)	ark	266 solves	Top 15% = 71/458 users

Rows:

🍪

SECCON CTF 13 決勝観戦CTF

175 solves

Beginner Web

Author:

minaminao

ある条件を満たすとフラグが得られるようです

import Fastify from "fastify";
import fastifyCookie from "@fastify/cookie";

const fastify = Fastify();
fastify.register(fastifyCookie);

fastify.get("/", async (req, reply) => {
  reply.setCookie('admin', 'false', { path: '/', httpOnly: true });
  if (req.cookies.admin === "true")
    reply.header("X-Flag", process.env.FLAG);
  return "can you get the flag?";
});

fastify.listen({ port: process.env.PORT, host: "0.0.0.0" });

*完全なソースコードは以下からダウンロード可能です。

cookie.tar.gz

description solves writeups