SEETF

今天一天打了几个国外的比赛，这个比赛直接给我打自闭了，web就会一题，我是fw。。。

web

Sourceless Guessy Web (Baby Flag)

WHY SO SERIOUS? WHY NEED SOURCE? Contrary to the title of this challenge, you do not need to guess. As usual, do not bruteforce or scan our infrastructure, it is not allowed. Note: There are two flags for this challenge. http://sourcelessguessyweb.chall.seetf.sg:1337 For beginners:

• https://portswigger.net/web-security/file-path-traversal

目录遍历漏洞../../../etc/passwd,看源码得到flag

MISC

Regex101

Our team stored a flag on our machine, however, we were hacked by someone, and he generated 2999 flags and hid our original flag in the .txt file. The flag consists of 5 uppercase letters, followed by 5 digits and another 6 uppercase letters. Can you find it for us?

签到题，一个一个找自然能找到，但是学到了一个新的方法

直接使用

SEE{[A-Z]{5}\d{5}[A-Z]{6}}

即可找到flag

SEE{RGSXG13841KLWIUO}