This is from the 2021 Vishwa CTF.
For this challenge, we are given a URL:
Going to the site, we are given this page:
After a little poking around, I look for a robots.txt entry:
Interesting! Now I follow the clue and look for a robots directory:
I click the link on the page for the source code and I get this:
After reviewing the code, I see that the PHP looks for an input parameter “php_is_hard”, runs “preg_replace()” on it, and checks the result.
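```php
if (isset($_GET['php_is_hard'])) {
    $you_enter = $_GET['php_is_hard'];
    $we_enter = 'suzuki_harumiya';
    // Remove every match of the keyword from the input (one pass only).
    $the_final_one = preg_replace("/$we_enter/", '', $you_enter);
    // The stripped input must still equal the keyword.
    if ($the_final_one === $we_enter) {
        open_up();
    }
}
```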
Analyzing this code, I see that it takes my input and removes every instance of “suzuki_harumiya” from it. It then compares the resulting string to “suzuki_harumiya”. If the two are identical, it runs the “open_up()” function.
I see that I can simply set my input to “ssuzuki_harumiyauzuki_harumiya”: the script removes the single instance of “suzuki_harumiya” inside it, and the resulting string is, in fact, “suzuki_harumiya”. When I feed that input, I get this:
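The nested input works because preg_replace() makes a single left-to-right pass, so deleting a match can join the characters around it into a new match that is never re-scanned. The added example below (not the challenge's code; the function names are hypothetical and the sample inputs are constructed) compares that single pass with stripping to a fixed point and with rejecting the input outright.

```php
<?php
// Added example, not the challenge's code. Function names are hypothetical.
const TOKEN = 'suzuki_harumiya';

// Same behaviour as the check on the page: one pass of preg_replace().
function strip_once(string $input): string {
    return preg_replace('/' . preg_quote(TOKEN, '/') . '/', '', $input);
}

// Repeat the removal until the string stops changing (a fixed point),
// so a token re-formed by an earlier removal is removed as well.
function strip_until_stable(string $input): string {
    do {
        $before = $input;
        $input = strip_once($before);
    } while ($input !== $before);
    return $input;
}

// Validation instead of sanitization: refuse any input containing the token.
function is_rejected(string $input): bool {
    return strpos($input, TOKEN) !== false;
}

// Constructed sample inputs.
$samples = [
    'hello',                                          // no token at all
    'suzuki_harumiya',                                // the bare token
    'ssuzuki_harumiyauzuki_harumiya',                 // the input from the write-up
    'sssuzuki_harumiyauzuki_harumiyauzuki_harumiya',  // nested once more
];

foreach ($samples as $s) {
    printf(
        "%s\n  once:     %s\n  stable:   %s\n  rejected: %s\n",
        $s,
        var_export(strip_once($s), true),
        var_export(strip_until_stable($s), true),
        var_export(is_rejected($s), true)
    );
}
```

The last sample also survives a sanitizer that runs the replacement exactly twice, which is why the loop runs until the output is stable rather than a fixed number of times.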