Tags: sourcecode python parsing json elasticsearch html indexer 

1) Go to https://search.contest.qctf.ru/
2) Register and log in
3) Let's try to index google.com
4) Now you see all a[href] attributes from the google.com page

5) Now look at the source code (https://contest.qctf.ru/static/tasks/a183c36c/src.zip)
    We're interested in search_engine\settings\production.py (line 4) and search_engine\front\auth.py (lines 28-34)
6) As we can see in auth.py, the server makes a GET request to http://auth.local/login/{USER_NAME} and parses the JSON response
7) If you try to index http://auth.local/login/Minister, you'll see a 403 error (Запрещено индексировать ресурсы внутренней сети, i.e. "Indexing internal network resources is forbidden")
8) Now create an HTML file and name it test.html

9) Let's try to index your test.html file
10) Because the JSON has this structure: {"object_key": "object_value"}, we'll search for the text "password" (https://search.contest.qctf.ru/search?query=%22password%22)
11) Now we see the JSON info: { "_id": "Minister", "password": "QCTF_Ha_Ha_Hackers_Cant_Invade_In_Out_Network" }
12) Congrats! Your flag is QCTF_Ha_Ha_Hackers_Cant_Invade_In_Out_Network
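
From the defender's side, the filter that produces the 403 in step 7 has to run on every URL the indexer fetches, not only on the URL the user submits. The following Python is an added example, not code from the task's src.zip; it assumes the indexer fetches links it extracts from a submitted page, and the resolver table, addresses and function names are constructed for illustration.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed host-to-address table standing in for DNS so the example runs offline.
SAMPLE_DNS = {"example.org": ["93.184.216.34"], "auth.local": ["10.0.0.5"],
              "mixed.example": ["93.184.216.34", "127.0.0.1"]}

def resolve(host):
    return SAMPLE_DNS.get(host, [])

def is_fetch_allowed(url, resolver=resolve):
    """True only for http(s) URLs whose host maps exclusively to public addresses."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return False
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False
    try:
        addrs = [ipaddress.ip_address(parts.hostname)]  # IP literal in the URL
    except ValueError:
        addrs = [ipaddress.ip_address(a) for a in resolver(parts.hostname)]
    # Fail closed: unknown hosts and any private/loopback/link-local answer are refused.
    return bool(addrs) and all(a.is_global for a in addrs)

class LinkExtractor(HTMLParser):
    """Collects a[href] values, like the listing the indexer shows."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.links.append(href)

def links_to_fetch(base_url, html, resolver=resolve):
    """Split a page's links into (allowed, blocked) with the check used for submitted URLs."""
    parser = LinkExtractor()
    parser.feed(html)
    allowed, blocked = [], []
    for href in parser.links:
        url = urljoin(base_url, href)
        (allowed if is_fetch_allowed(url, resolver) else blocked).append(url)
    return allowed, blocked

# Constructed page: one public link, one relative link, one link to an internal host.
SAMPLE_PAGE = '<a href="http://example.org/a">a</a><a href="/b">b</a><a href="http://auth.local/login/user">c</a>'
```

The same check has to be repeated on each redirect hop and tied to the address the fetcher actually connects to, otherwise a public URL can still lead to an internal one.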