Recently Updated
C0ns0n4nt Pl4n3t
Challenge
Apollo wants his name printed on that fancy new site. He’s constantly failing as vowels and some special characters are blocked when entered.
Can you help him?
http://46.101.107.117:2205
Note: The service is restarted every hour at x:00.
Solution
If we enter a vowel, the site will not print our entry.
For example:
1
http://46.101.107.117:2205/?name=Apollo
Response: f0rb1dd3n
If we enter just a double-quote, we trigger an error:
1
Parse error: syntax error, unexpected '"' in /var/www/html/index.php(17) : eval()'d code on line 1
So we know this is PHP in the backend. Let’s try escaping our vowels:
1
http://46.101.107.117:2205/?name=\x41p\x6fll\x6f
Bingo! We get the flag in the response:
1
2
Cngrts, hr's yr flg:
he2022{v0w3ls_4r3_f0r_n3rd5!}
Flag
he2022{v0w3ls_4r3_f0r_n3rd5!}