Home HackyEaster 2022 C0ns0n4nt Pl4n3t
Writeup
Cancel

C0ns0n4nt Pl4n3t

Challenge

Apollo wants his name printed on that fancy new site. He’s constantly failing as vowels and some special characters are blocked when entered.

Can you help him?

http://46.101.107.117:2205

Note: The service is restarted every hour at x:00.

Solution

If we enter a vowel, the site will not print our entry.

For example:

1
http://46.101.107.117:2205/?name=Apollo

Response: f0rb1dd3n

If we enter just a double-quote, we trigger an error:

1
Parse error: syntax error, unexpected '"' in /var/www/html/index.php(17) : eval()'d code on line 1

So we know this is PHP in the backend. Let’s try escaping our vowels:

1
http://46.101.107.117:2205/?name=\x41p\x6fll\x6f

Bingo! We get the flag in the response:

1
2
Cngrts, hr's yr flg:
he2022{v0w3ls_4r3_f0r_n3rd5!}

Flag

he2022{v0w3ls_4r3_f0r_n3rd5!}