snakectf-23: web last challenge

_posts/2023-12-10-SnakeCTF.md

@@ -20,7 +20,42 @@ ctf_categories:
 > I love my smart fridge so much.<br><br>
 > https://smartest-fridge.snakectf.org
 
-🏁 _snakeCTF{}_{:.spoiler}
+In this warmup challenge upon entering the site there's an error message telling us that we are not a fridge! (_I sure hope we are not_)
+
+![fridge](/assets/img/SnakeCTF_2023/web_fridge.gif)
+
+But, for the sake of the challenge, let's try to mimic a fridge by changing our User Agent.
+
+After a bit of searching we managed to impersonate a fridge with the following User-Agent:
+
+```http
+GET / HTTP/1.1
+Host: https://smartest-fridge.snakectf.org/
+User-Agent: Mozilla/5.0 (SmartFridge; U; HarmonyOS 2.0; en-US; ModelHuaweiFridge) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4924.64 Safari/537.36
+
+HTTP/2 200
+host: smartest-fridge.snakectf.org
+content-type: text/html; charset=UTF-8
+⋮
+<html>
+
+<head>
+    <link rel="stylesheet" href="css/main.css">
+    <title>Are you a smart fridge?</title>
+    <link rel="icon" type="image/x-icon" href="/pictures/huahei.png">
+</head>
+
+<body>
+    <div class="welcome">
+        <p>This page is allowed only to the smartest of the smart fridge</p>
+    </div>
+    <div class='success'>
+                <p>
+                    <b>*brrr*</b>... Here's your flag: snakeCTF{***}
+⋮
+```
+
+🏁 _snakeCTF{w3lc0m3\_t0\_snakectf\_w3bb3r}_{:.spoiler}
 
 ## springbrut
 
@@ -944,6 +979,7 @@ So we had a list with the letters we needed to compose the word "FLAG", we just
 all(dir(list)).real # = 1
 all(dir(list)).real.__gt__( all(dir(list)).real).real # = 0
 ```
+
 Putting everything together turned into this beautiful payload:
 
 ```python