FireShell Security Team
Home Team Articles Sponsors About

SunshineCTF - Marceau Writeup

SunshineCtf - Marceau Writeup

“Marceau

Hey my friend tells me that the flag is in this site’s source code. Idk how to read that though, lol (🅱️retty lame tbh 😂) http://marceau.web1.sunshinectf.org Author: charlton Hint 2018-04-06 00:20 UTC: There are many different types of MIMEs, but only a handful were truly legendary…”

The given web page only tells us that we are supposedly not accepting something… By association it’s refering to the Accept field in the HTTP’s header.

I listed some PHP-relative mimetypes and tried passing them in the Accept field until it finally worked. The resulting Accept is:

Accept: text/html,application/xhtml+xml,application/xml,application/x-php,text/php;q=0.9,*/*;q=0.8

flag: sun{45k_4nd_y3_5h411_r3c31v3}

© 2017 - 2018 FireShell Security Team. All rights reserved.