Tags: django python web
Rating:
DJANGO is a python web-framework.
In the chall we are given a findme.zip, extracting it gives us a find me dir, which is actually a server that can be hosted, with bunch of folders and python file.
The challenge was suppposed to be solved by hosting the server onto the local machine and look for the source code review
But after trying the conventional method, It sort of came to my mind if I have the flag on the server I just need to look for a file
on the directories itslef:
So looking for something I found "index.html"
PATH ----> /findme/core/templates/core/index.html
SOURCE CODE OF index.html
================================================================================================
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>HOME</title>
</head>
<body>
{% ifequal user.username "sudo" %}
<h1>intr0_t0_djang0</h1>
{% endifequal %}
<center><h1>Welcome To Python Web World !!</h1>
Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Built by experienced developers,
it takes care of much of the hassle of Web development, so you can focus on writing your app without needing to reinvent the wheel.
It’s free and open source.
If you got stuck look around for help.... <help class="">
</help>
</center>
<script>
console.log("creating a super user account in django might help you..")
</script>
================================================================================================
inside the <body> tag there is some unusual text
{% ifequal user.username "sudo" %}
<h1>intr0_t0_djang0</h1>
{% endifequal %}
intr0_t0_djang0 if the flag we need.
Flag format : RESTCON{<- flag -<}
**********************************************
RESTCON{intr0_t0_djang0}
**********************************************
**********************************************
