diff --git a/web-security/level-10/victim b/web-security/level-10/victim index 349c570..2cb80d2 100755 --- a/web-security/level-10/victim +++ b/web-security/level-10/victim @@ -30,18 +30,21 @@ open_ports = { s.laddr.port for s in psutil.net_connections(kind="inet") if s.st if 80 in open_ports: print("Port 80 is open. Will connect to the service there.") challenge_url = "http://challenge.localhost:80/" - password = open("/flag").read().strip() + flag = open("/flag").read().strip() elif 8080 in open_ports: - print("Port 8080 is open. Will connect to the service there.") + print("Port 8080 is open. Will connect to the service there. 8080 is the debug port, so you will earn a fake flag.") challenge_url = "http://challenge.localhost:8080/" - password = "pwn.college{fake_flag}" + flag = "pwn.college{fake_flag}" +else: + print("Services don't seem to be running?") + sys.exit(1) -print("Visiting http://challenge.localhost/") -browser.get("http://challenge.localhost") +print(f"Visiting {challenge_url}") +browser.get(challenge_url) print("Logging in as admin...") browser.find_element(By.NAME, "username").send_keys("admin") -browser.find_element(By.NAME, "password").send_keys(password) +browser.find_element(By.NAME, "password").send_keys(flag) browser.find_element(By.NAME, "submit").submit() time.sleep(5) diff --git a/web-security/level-11/victim b/web-security/level-11/victim index 5a92ee3..584ac4b 100755 --- a/web-security/level-11/victim +++ b/web-security/level-11/victim @@ -1,7 +1,8 @@ #!/opt/pwn.college/python -import contextlib +import psutil import urllib +import atexit import time import sys import os @@ -9,7 +10,7 @@ import os from selenium import webdriver from selenium.webdriver.firefox.options import Options as FirefoxOptions from selenium.webdriver.firefox.service import Service as FirefoxService -from selenium.webdriver.common.by import By +from selenium.webdriver.common.by import By from selenium.webdriver.support.wait import WebDriverWait from selenium.webdriver.support import expected_conditions as EC from selenium.common.exceptions import TimeoutException, WebDriverException @@ -18,60 +19,38 @@ os.setuid(os.geteuid()) os.environ.clear() os.environ["PATH"] = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" -@contextlib.contextmanager -def run_browser(): - options = FirefoxOptions() - options.add_argument("--headless") - - # workaround for ubuntu - if os.path.exists("/snap/bin/geckodriver"): - service = FirefoxService(executable_path="/snap/bin/geckodriver", log_path="/dev/null") - else: - service = FirefoxService(log_path="/dev/null") - driver = webdriver.Firefox(service=service, options=options) - - try: - yield driver - finally: - driver.quit() - -if len(sys.argv) <= 1: - print(f"Usage: {sys.argv[0]} URL") +options = FirefoxOptions() +options.add_argument("--headless") +service = FirefoxService(log_path="/dev/null") + +browser = webdriver.Firefox(service=service, options=options) +atexit.register(browser.quit) + +open_ports = { s.laddr.port for s in psutil.net_connections(kind="inet") if s.status == 'LISTEN' } +if 80 in open_ports: + print("Port 80 is open. Will connect to the service there.") + challenge_url = "http://challenge.localhost:80/" + flag = open("/flag").read().strip() +elif 8080 in open_ports: + print("Port 8080 is open. Will connect to the service there. 8080 is the debug port, so you will earn a fake flag.") + challenge_url = "http://challenge.localhost:8080/" + flag = "pwn.college{fake_flag}" +else: + print("Services don't seem to be running?") sys.exit(1) -with run_browser() as browser: - try: - print("First logging in as admin to http://challenge.localhost:80/") - try: - port = 80 - browser.get("http://challenge.localhost:80") - except WebDriverException as e: - if "can%E2%80%99t%20establish%20a%20connection" not in str(e): - raise - print("Port 80 doesn't seem to be listening. Trying http://challenge.localhost:8080/") - port = 8080 - browser.get("http://challenge.localhost:8080") +print(f"Visiting {challenge_url}") +browser.get(challenge_url) - print("pwnpost loaded!") - print("Logging in as admin...") - login = { "username": "admin", "password": open("/flag").read().strip() if port != 8080 else "pwn.college{fake_flag}" } - for name, value in login.items(): - field = browser.find_element(By.NAME, name) - field.send_keys(value) - submit_field = browser.find_element(By.NAME, "submit") - submit_field.submit() - WebDriverWait(browser, 10).until(EC.staleness_of(submit_field)) - time.sleep(3) - print("Logged in!") +print("Logging in as admin...") +browser.find_element(By.NAME, "username").send_keys("admin") +browser.find_element(By.NAME, "password").send_keys(flag) +browser.find_element(By.NAME, "submit").submit() +time.sleep(3) +print("Logged in!") - print("Visiting the attacker's website (http://hacker.localhost:1337/)...") - browser.get("http://hacker.localhost:1337/") - time.sleep(3) +print("Visiting the attacker's website (http://hacker.localhost:1337/)...") +browser.get("http://hacker.localhost:1337/") +time.sleep(3) - print("Visited! Go check if the attack worked!") - except WebDriverException as e: - if "can%E2%80%99t%20establish%20a%20connection" in str(e): - print("Connection error! Is the server running?") - else: - print(f"Failure: {e}...") - sys.exit(4) +print("Visited! Go check if the attack worked!") diff --git a/web-security/level-8/victim b/web-security/level-8/victim index ad5e7df..aa74ac7 100755 --- a/web-security/level-8/victim +++ b/web-security/level-8/victim @@ -1,14 +1,16 @@ #!/opt/pwn.college/python -import contextlib +import psutil import urllib +import atexit +import time import sys import os from selenium import webdriver from selenium.webdriver.firefox.options import Options as FirefoxOptions from selenium.webdriver.firefox.service import Service as FirefoxService -from selenium.webdriver.common.by import By +from selenium.webdriver.common.by import By from selenium.webdriver.support.wait import WebDriverWait from selenium.webdriver.support import expected_conditions as EC from selenium.common.exceptions import TimeoutException, WebDriverException @@ -17,55 +19,38 @@ os.setuid(os.geteuid()) os.environ.clear() os.environ["PATH"] = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" -@contextlib.contextmanager -def run_browser(): - options = FirefoxOptions() - options.add_argument("--headless") +options = FirefoxOptions() +options.add_argument("--headless") +service = FirefoxService(log_path="/dev/null") - # workaround for ubuntu - if os.path.exists("/snap/bin/geckodriver"): - service = FirefoxService(executable_path="/snap/bin/geckodriver", log_path="/dev/null") - else: - service = FirefoxService(log_path="/dev/null") - driver = webdriver.Firefox(service=service, options=options) +browser = webdriver.Firefox(service=service, options=options) +atexit.register(browser.quit) - try: - yield driver - finally: - driver.quit() - -if len(sys.argv) <= 1: +if len(sys.argv) == 1: print(f"Usage: {sys.argv[0]} URL") sys.exit(1) -url = sys.argv[1] -url_parsed = urllib.parse.urlparse(url) -try: - assert url_parsed.hostname == "challenge.localhost", "hostname should be 'challenge.localhost'" - assert url_parsed.port in {None, 80, 8080}, "port should be 80 or 8080" -except AssertionError as e: - print(f"Invalid URL: {e}") +challenge_url = sys.argv[1] +url_parsed = urllib.parse.urlparse(challenge_url) +if url_parsed.hostname != "challenge.localhost": + print("Hostname should be 'challenge.localhost'.") sys.exit(2) - - -print("Visiting the URL!") -with run_browser() as browser: - try: - browser.get(url) - print("URL loaded...") - WebDriverWait(browser, 1).until(EC.alert_is_present()) - except TimeoutException: - print("Failure: JavaScript alert did not trigger...") - sys.exit(3) - except WebDriverException as e: - if "can%E2%80%99t%20establish%20a%20connection" in str(e): - print("Connection error! Is the service running?") - else: - print(f"Failure: {e}...") - sys.exit(4) - else: - if url_parsed.port != 8080: - print("Alert triggered! Your flag:") - print(open("/flag").read()) - else: - print("Alert triggered! Now do it on the real service (port 80)!") +if url_parsed.port == 8080: + print("Will give fake flag for debug port (8080)...") + reward = "pwn.college{fake_flag}" +elif url_parsed.port in {None, 80}: + reward = open("/flag").read() +else: + print("Port should be 80 (real service) or 8080 (debug port).") + sys.exit(3) + +print(f"Visiting {challenge_url}") +browser.get(challenge_url) +try: + WebDriverWait(browser, 1).until(EC.alert_is_present()) +except TimeoutException: + print("Failure: JavaScript alert did not trigger...") + sys.exit(3) +else: + print("Alert triggered! Your reward:") + print(reward) diff --git a/web-security/level-9/victim b/web-security/level-9/victim index b6f0037..aa74ac7 100755 --- a/web-security/level-9/victim +++ b/web-security/level-9/victim @@ -1,14 +1,16 @@ #!/opt/pwn.college/python -import contextlib +import psutil import urllib +import atexit +import time import sys import os from selenium import webdriver from selenium.webdriver.firefox.options import Options as FirefoxOptions from selenium.webdriver.firefox.service import Service as FirefoxService -from selenium.webdriver.common.by import By +from selenium.webdriver.common.by import By from selenium.webdriver.support.wait import WebDriverWait from selenium.webdriver.support import expected_conditions as EC from selenium.common.exceptions import TimeoutException, WebDriverException @@ -17,50 +19,38 @@ os.setuid(os.geteuid()) os.environ.clear() os.environ["PATH"] = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" -@contextlib.contextmanager -def run_browser(): - options = FirefoxOptions() - options.add_argument("--headless") - service = FirefoxService(log_path="/dev/null") - driver = webdriver.Firefox(service=service, options=options) +options = FirefoxOptions() +options.add_argument("--headless") +service = FirefoxService(log_path="/dev/null") - try: - yield driver - finally: - driver.quit() +browser = webdriver.Firefox(service=service, options=options) +atexit.register(browser.quit) -if len(sys.argv) <= 1: +if len(sys.argv) == 1: print(f"Usage: {sys.argv[0]} URL") sys.exit(1) -url = sys.argv[1] -url_parsed = urllib.parse.urlparse(url) -try: - assert url_parsed.hostname == "challenge.localhost", "hostname should be 'challenge.localhost'" - assert url_parsed.port in {None, 80, 8080}, "port should be 80 or 8080" -except AssertionError as e: - print(f"Invalid URL: {e}") +challenge_url = sys.argv[1] +url_parsed = urllib.parse.urlparse(challenge_url) +if url_parsed.hostname != "challenge.localhost": + print("Hostname should be 'challenge.localhost'.") sys.exit(2) - - -print("Visiting the URL!") -with run_browser() as browser: - try: - browser.get(url) - print("URL loaded...") - WebDriverWait(browser, 1).until(EC.alert_is_present()) - except TimeoutException: - print("Failure: JavaScript alert did not trigger...") - sys.exit(3) - except WebDriverException as e: - if "can%E2%80%99t%20establish%20a%20connection" in str(e): - print("Connection error! Is the service running?") - else: - print(f"Failure: {e}...") - sys.exit(4) - else: - if url_parsed.port != 8080: - print("Alert triggered! Your flag:") - print(open("/flag").read()) - else: - print("Alert triggered! Now do it on the real service (port 80)!") +if url_parsed.port == 8080: + print("Will give fake flag for debug port (8080)...") + reward = "pwn.college{fake_flag}" +elif url_parsed.port in {None, 80}: + reward = open("/flag").read() +else: + print("Port should be 80 (real service) or 8080 (debug port).") + sys.exit(3) + +print(f"Visiting {challenge_url}") +browser.get(challenge_url) +try: + WebDriverWait(browser, 1).until(EC.alert_is_present()) +except TimeoutException: + print("Failure: JavaScript alert did not trigger...") + sys.exit(3) +else: + print("Alert triggered! Your reward:") + print(reward) diff --git a/web-security/xss-exfil-cookie/victim b/web-security/xss-exfil-cookie/victim index e54fae6..2cb80d2 100755 --- a/web-security/xss-exfil-cookie/victim +++ b/web-security/xss-exfil-cookie/victim @@ -1,7 +1,8 @@ #!/opt/pwn.college/python -import contextlib +import psutil import urllib +import atexit import time import sys import os @@ -9,7 +10,7 @@ import os from selenium import webdriver from selenium.webdriver.firefox.options import Options as FirefoxOptions from selenium.webdriver.firefox.service import Service as FirefoxService -from selenium.webdriver.common.by import By +from selenium.webdriver.common.by import By from selenium.webdriver.support.wait import WebDriverWait from selenium.webdriver.support import expected_conditions as EC from selenium.common.exceptions import TimeoutException, WebDriverException @@ -18,60 +19,33 @@ os.setuid(os.geteuid()) os.environ.clear() os.environ["PATH"] = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" -@contextlib.contextmanager -def run_browser(): - options = FirefoxOptions() - options.add_argument("--headless") - - # workaround for ubuntu - if os.path.exists("/snap/bin/geckodriver"): - service = FirefoxService(executable_path="/snap/bin/geckodriver", log_path="/dev/null") - else: - service = FirefoxService(log_path="/dev/null") - driver = webdriver.Firefox(service=service, options=options) - - try: - yield driver - finally: - driver.quit() - -if len(sys.argv) <= 1: - print(f"Usage: {sys.argv[0]} URL") +options = FirefoxOptions() +options.add_argument("--headless") +service = FirefoxService(log_path="/dev/null") + +browser = webdriver.Firefox(service=service, options=options) +atexit.register(browser.quit) + +open_ports = { s.laddr.port for s in psutil.net_connections(kind="inet") if s.status == 'LISTEN' } +if 80 in open_ports: + print("Port 80 is open. Will connect to the service there.") + challenge_url = "http://challenge.localhost:80/" + flag = open("/flag").read().strip() +elif 8080 in open_ports: + print("Port 8080 is open. Will connect to the service there. 8080 is the debug port, so you will earn a fake flag.") + challenge_url = "http://challenge.localhost:8080/" + flag = "pwn.college{fake_flag}" +else: + print("Services don't seem to be running?") sys.exit(1) -url = sys.argv[1] -url_parsed = urllib.parse.urlparse(url) -try: - assert url_parsed.hostname == "challenge.localhost", "hostname should be 'challenge.localhost'" - assert url_parsed.port in {None, 80, 8080}, "port should be 80 or 8080" -except AssertionError as e: - print(f"Invalid URL: {e}") - sys.exit(2) - - -print("Visiting the URL!") -with run_browser() as browser: - try: - browser.get(url) - print("URL loaded...") +print(f"Visiting {challenge_url}") +browser.get(challenge_url) - print("Logging in as admin...") - login = { - "username": "admin", - "password": (open("/flag").read().strip() if url_parsed.port != 8080 else "pwn.college{fake_flag}")[-10:] - } - for name, value in login.items(): - field = browser.find_element(By.NAME, name) - field.send_keys(value) - submit_field = browser.find_element(By.NAME, "submit") - submit_field.submit() +print("Logging in as admin...") +browser.find_element(By.NAME, "username").send_keys("admin") +browser.find_element(By.NAME, "password").send_keys(flag) +browser.find_element(By.NAME, "submit").submit() - WebDriverWait(browser, 10).until(EC.staleness_of(submit_field)) - time.sleep(3) - print("Visited! Go check if the attack worked!") - except WebDriverException as e: - if "can%E2%80%99t%20establish%20a%20connection" in str(e): - print("Connection error! Is the service running?") - else: - print(f"Failure: {e}...") - sys.exit(4) +time.sleep(5) +print("Visited! Go check if the attack worked!") diff --git a/web-security/xss-rf-post/victim b/web-security/xss-rf-post/victim index 6b034ee..2cb80d2 100755 --- a/web-security/xss-rf-post/victim +++ b/web-security/xss-rf-post/victim @@ -1,7 +1,8 @@ #!/opt/pwn.college/python -import contextlib +import psutil import urllib +import atexit import time import sys import os @@ -9,7 +10,7 @@ import os from selenium import webdriver from selenium.webdriver.firefox.options import Options as FirefoxOptions from selenium.webdriver.firefox.service import Service as FirefoxService -from selenium.webdriver.common.by import By +from selenium.webdriver.common.by import By from selenium.webdriver.support.wait import WebDriverWait from selenium.webdriver.support import expected_conditions as EC from selenium.common.exceptions import TimeoutException, WebDriverException @@ -18,57 +19,33 @@ os.setuid(os.geteuid()) os.environ.clear() os.environ["PATH"] = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" -@contextlib.contextmanager -def run_browser(): - options = FirefoxOptions() - options.add_argument("--headless") - - # workaround for ubuntu - if os.path.exists("/snap/bin/geckodriver"): - service = FirefoxService(executable_path="/snap/bin/geckodriver", log_path="/dev/null") - else: - service = FirefoxService(log_path="/dev/null") - driver = webdriver.Firefox(service=service, options=options) - - try: - yield driver - finally: - driver.quit() - -if len(sys.argv) <= 1: - print(f"Usage: {sys.argv[0]} URL") +options = FirefoxOptions() +options.add_argument("--headless") +service = FirefoxService(log_path="/dev/null") + +browser = webdriver.Firefox(service=service, options=options) +atexit.register(browser.quit) + +open_ports = { s.laddr.port for s in psutil.net_connections(kind="inet") if s.status == 'LISTEN' } +if 80 in open_ports: + print("Port 80 is open. Will connect to the service there.") + challenge_url = "http://challenge.localhost:80/" + flag = open("/flag").read().strip() +elif 8080 in open_ports: + print("Port 8080 is open. Will connect to the service there. 8080 is the debug port, so you will earn a fake flag.") + challenge_url = "http://challenge.localhost:8080/" + flag = "pwn.college{fake_flag}" +else: + print("Services don't seem to be running?") sys.exit(1) -url = sys.argv[1] -url_parsed = urllib.parse.urlparse(url) -try: - assert url_parsed.hostname == "challenge.localhost", "hostname should be 'challenge.localhost'" - assert url_parsed.port in {None, 80, 8080}, "port should be 80 or 8080" -except AssertionError as e: - print(f"Invalid URL: {e}") - sys.exit(2) - - -print("Visiting the URL!") -with run_browser() as browser: - try: - browser.get(url) - print("URL loaded...") +print(f"Visiting {challenge_url}") +browser.get(challenge_url) - print("Logging in as admin...") - login = { "username": "admin", "password": open("/flag").read().strip() if url_parsed.port != 8080 else "pwn.college{fake_flag}" } - for name, value in login.items(): - field = browser.find_element(By.NAME, name) - field.send_keys(value) - submit_field = browser.find_element(By.NAME, "submit") - submit_field.submit() +print("Logging in as admin...") +browser.find_element(By.NAME, "username").send_keys("admin") +browser.find_element(By.NAME, "password").send_keys(flag) +browser.find_element(By.NAME, "submit").submit() - WebDriverWait(browser, 10).until(EC.staleness_of(submit_field)) - time.sleep(3) - print("Visited! Go check if the attack worked!") - except WebDriverException as e: - if "can%E2%80%99t%20establish%20a%20connection" in str(e): - print("Connection error! Is the service running?") - else: - print(f"Failure: {e}...") - sys.exit(4) +time.sleep(5) +print("Visited! Go check if the attack worked!") diff --git a/web-security/xss-stored-alert/victim b/web-security/xss-stored-alert/victim index b6f0037..c9c6a80 100755 --- a/web-security/xss-stored-alert/victim +++ b/web-security/xss-stored-alert/victim @@ -1,14 +1,16 @@ #!/opt/pwn.college/python -import contextlib +import psutil import urllib +import atexit +import time import sys import os from selenium import webdriver from selenium.webdriver.firefox.options import Options as FirefoxOptions from selenium.webdriver.firefox.service import Service as FirefoxService -from selenium.webdriver.common.by import By +from selenium.webdriver.common.by import By from selenium.webdriver.support.wait import WebDriverWait from selenium.webdriver.support import expected_conditions as EC from selenium.common.exceptions import TimeoutException, WebDriverException @@ -17,50 +19,33 @@ os.setuid(os.geteuid()) os.environ.clear() os.environ["PATH"] = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" -@contextlib.contextmanager -def run_browser(): - options = FirefoxOptions() - options.add_argument("--headless") - service = FirefoxService(log_path="/dev/null") - driver = webdriver.Firefox(service=service, options=options) - - try: - yield driver - finally: - driver.quit() - -if len(sys.argv) <= 1: - print(f"Usage: {sys.argv[0]} URL") +options = FirefoxOptions() +options.add_argument("--headless") +service = FirefoxService(log_path="/dev/null") + +browser = webdriver.Firefox(service=service, options=options) +atexit.register(browser.quit) + +open_ports = { s.laddr.port for s in psutil.net_connections(kind="inet") if s.status == 'LISTEN' } +if 80 in open_ports: + print("Port 80 is open. Will connect to the service there.") + challenge_url = "http://challenge.localhost:80/" + flag = open("/flag").read().strip() +elif 8080 in open_ports: + print("Port 8080 is open. Will connect to the service there. 8080 is the debug port, so you will earn a fake flag.") + challenge_url = "http://challenge.localhost:8080/" + flag = "pwn.college{fake_flag}" +else: + print("Services don't seem to be running?") sys.exit(1) -url = sys.argv[1] -url_parsed = urllib.parse.urlparse(url) +print(f"Visiting {challenge_url}") +browser.get(challenge_url) try: - assert url_parsed.hostname == "challenge.localhost", "hostname should be 'challenge.localhost'" - assert url_parsed.port in {None, 80, 8080}, "port should be 80 or 8080" -except AssertionError as e: - print(f"Invalid URL: {e}") - sys.exit(2) - - -print("Visiting the URL!") -with run_browser() as browser: - try: - browser.get(url) - print("URL loaded...") - WebDriverWait(browser, 1).until(EC.alert_is_present()) - except TimeoutException: - print("Failure: JavaScript alert did not trigger...") - sys.exit(3) - except WebDriverException as e: - if "can%E2%80%99t%20establish%20a%20connection" in str(e): - print("Connection error! Is the service running?") - else: - print(f"Failure: {e}...") - sys.exit(4) - else: - if url_parsed.port != 8080: - print("Alert triggered! Your flag:") - print(open("/flag").read()) - else: - print("Alert triggered! Now do it on the real service (port 80)!") + WebDriverWait(browser, 1).until(EC.alert_is_present()) +except TimeoutException: + print("Failure: JavaScript alert did not trigger...") + sys.exit(3) +else: + print("Alert triggered! Your reward:") + print(flag) diff --git a/web-security/xss-stored-html/victim b/web-security/xss-stored-html/victim index e81d455..134af34 100755 --- a/web-security/xss-stored-html/victim +++ b/web-security/xss-stored-html/victim @@ -1,32 +1,30 @@ #!/opt/pwn.college/python import requests -import urllib +import psutil import sys import re -url = sys.argv[1] -url_parsed = urllib.parse.urlparse(url) -try: - assert url_parsed.hostname == "challenge.localhost", "hostname should be 'challenge.localhost'" - assert url_parsed.port in {None, 80, 8080}, "port should be 80 or 8080" -except AssertionError as e: - print(f"Invalid URL: {e}") - sys.exit(2) - -if len(sys.argv) <= 1: - print(f"Usage: {sys.argv[0]} URL") +open_ports = { s.laddr.port for s in psutil.net_connections(kind="inet") if s.status == 'LISTEN' } +if 80 in open_ports: + print("Port 80 is open. Will connect to the service there.") + challenge_url = "http://challenge.localhost:80/" + flag = open("/flag").read().strip() +elif 8080 in open_ports: + print("Port 8080 is open. Will connect to the service there.") + challenge_url = "http://challenge.localhost:8080/" + flag = "pwn.college{fake_flag}" +else: + print("Services don't seem to be running?") sys.exit(1) -print("Visiting the URL...") +print(f"Visiting {challenge_url}...") try: - num_inputs = len(re.findall(r"", requests.get(url, timeout=1).text)) + num_inputs = len(re.findall(r"", requests.get(challenge_url, timeout=1).text)) if num_inputs <= 2: print("You did not inject an textbox...") - elif url_parsed.port == 8080: - print("You got it! Now do it for real (on port 80).") else: print("You got it! Here is your flag:") - print(open("/flag").read()) + print(flag) except requests.exceptions.ConnectionError: print("Connection error... Is the service running?")