MatchTheRegex
CTF Author: Sunday Jacob Nwanyim
Description
How about trying to match a regular expression
Hints: Access the webpage and try to match the regular expression associated with the text field.
After reading this problem and hint, it was very clear that we need to do something with the input field and regex, so I researched regex using ChatGPT.
This is the information provided by ChatGPT.
A regex (short for regular expression) is a sequence of characters that defines a search pattern. It is used to match, search, and manipulate text based on specific patterns. Regex is commonly used in programming, data validation, text processing, and search functions.
After this I checked the source code and boom, we got a piece of code which returns the flag.
There's the pattern for our flag: p.....F!?
From this it is very clear that the first character is p and the fifth character is F, and the flag will end with ! or ?
There are several methods for matching the regex pattern: using the console of the developer tools, or sending an input script using Burp Suite. I asked ChatGPT for the script.
Script is:
GET /flag?input=pabcdeF! HTTP/1.1
Host: example.com
I opened Burp Suite, found a GET request, and sent it to the Repeater.
Then I inserted the above script in the GET request.
And boom, here's the flag:
Flag: picoCTF{succ3ssfully_matchtheregex_8ad436ed}
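How a regex engine treats the pattern found in the page source, as an added example that is not part of the original post or the challenge's code. It assumes the "…" in the post stands for three dots (five wildcards in total, consistent with the five-letter filler in the request above) and compares the unanchored check with the anchored form a defender would use for input validation; the sample inputs are constructed.

```javascript
// Added example (not from the original post). PATTERN assumes the "…" in the
// post stands for three literal dots, giving five "." wildcards in total.
const PATTERN = "p.....F!?";

// Unanchored: succeeds if the pattern occurs anywhere in the input.
const unanchored = new RegExp(PATTERN);
// Anchored: the whole input must be exactly the pattern, nothing around it.
const anchored = new RegExp("^" + PATTERN + "$");

// Report how each form of the check treats one input.
function checkInput(input) {
  const m = unanchored.exec(input);
  return {
    input,
    unanchored: m !== null,
    matchedText: m ? m[0] : null,   // what the engine actually consumed
    offset: m ? m.index : -1,       // where in the input the match starts
    anchored: anchored.test(input),
  };
}

// Constructed sample inputs; the first is the value used in the request above.
const SAMPLES = [
  "pabcdeF!",        // p + five characters + F + "!"
  "pabcdeF",         // "!?" means an optional "!", so this matches too
  "pabcdeF?",        // "?" here is a quantifier, not a literal to match
  "xx pabcdeF! yy",  // surrounding text is ignored without anchors
  "pabcF!",          // only three characters between p and F
  "p\nbcdeF!",       // "." does not match a newline by default
];

function runAll() {
  return SAMPLES.map(checkInput);
}

for (const row of runAll()) {
  console.log(JSON.stringify(row));
}
```

The gap between the `unanchored` and `anchored` columns is the thing to look for when a regex is used as an input filter: without `^` and `$`, anything wrapped around a matching substring is accepted.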
What I Learned
This challenge was a great introduction to several important concepts:
Regex Basics: Although this was a straightforward pattern match, it reinforced how regex works and why it is so useful for text manipulation.
Source Code Analysis: Always look to the source! Web challenges often conceal clues in comments, JavaScript, or HTML that aren't immediately apparent.
HTTP Request Manipulation: Manipulating requests with the use of Burp Suite is a fundamental web security skill. This challenge provided me with direct experience in constructing GET requests.
Begin with the source - Look at the page source, inspect network requests, and inspect JavaScript files
Know your tool - Whether regex, SQL, or some other technology, be sure you understand the fundamentals
Experiment with several methods - Don't become fixated on a single method; there are typically a few different ways to a web problem
Log your method - Documenting what you do helps when you're stuck
Final Thoughts
MatchTheRegex might seem straightforward once you know the solution, but it teaches fundamental skills that apply to much more complex challenges. The combination of source code analysis, regex understanding, and HTTP manipulation creates a solid foundation for web exploitation challenges.
Plus, there's something satisfying about seeing that flag pop up after connecting all the pieces together!
Challenge Source: picoCTF
Happy hacking, and remember - the best way to learn cybersecurity is by getting your hands dirty with challenges like these!



