hello <?php /* Flag is at /flag.txt Hint for beginners: read curl's manpage. */ highlight_file(__FILE__); $url = 'file:///hi.txt'; if( array_key_exists('x', $_GET) &&

Intro I played UIUCTF a few weeks ago and there were many awesome challenges. I worked on some of the web challenges and this is the write-up for the "precisionism" challenge as3617 and I managed to solve it. I was planning to write this to be beginner-friendly, so I have included some information for beginners. Downloading the challenge The challenge attachment folder structure is like this: / precisionism - app.py - Dockerfile /ism-bot

prewords You can find the challenge links and exploit here. RaaS-v1 - web This challenge was the welcome web challenge. The purpose of this challenge was to make players read the documents of curl and find a little-known curl feature to read /flag.txt. <?php if($_SERVER['REMOTE_ADDR'] == '127.0.0.1'){ die('curl :thonk:');

Intro What is pwnyIDE? Pwny IDE is a good-looking advanced IDE that lets you write HTML/CSS code and watch the changes in real-time! Pretty cool right? JS is not supported :) Start of the journey This challenge was one of the unsolved challenges in UIUCTF 2021, and it was also pretty fun! The author decided to not release the solution after the contest and he also ran a bounty program ($50 to the first solver). Luckily we could solve it after the CTF and we won both the contest and the bounty! How it works