Featured image of post Ping Bond
Hackday 2024

Ping Bond

Hackday 2024 | 🌐 Web

We have a python file :

  • app.py

According to the source code in this challenge we will get the flag if we send a post request with the ip_address parameter set to a value that, when its checked in the very_unique_id function it matches one of these values :

27 or 30

We got these values like this :

 1
 2
 3
 4
 5
 6
 7
 8
 9
10

def very_unique_id(ip_address):
    # Gives each server a unique ID
    acc = 0
    for c in ip_address:
        acc = (acc + ord(c)) % 42

    return acc

print(very_unique_id("<https://www.nasa.gov/>")) # ==> gives 30
print(very_unique_id("<https://hackday.fr/>")) # ==> gives 27

I then started my own webhook using Requestbin

Then, the url used in on the page needs to have its unique_id equal to 27 or 30. To do this, a random char is added to the url until the right value is hit.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10

def very_unique_id(ip_address):
    # Gives each server a unique ID
    acc = 0
    for c in ip_address:
        acc = (acc + ord(c)) % 42

    return acc


print(very_unique_id("url_address")) # ==> gives 30

When the url is sent, we get the request and the flag :

HACKDAY{Pr3ttY_34Sy_r1Ght?}