Do you have enough money to buy the flag?
http://78.46.224.78:5000/
Solution
The web application lists two products to buy:
Cheap
Which you can buy with a valid (generated) card number.
Flag
Accepts the same valid card but returns a "credit card limit exceeded" error message:
Analyzing callback data
When an order is accepted or declined, the server redirects you to /payment/callback with a data parameter: an opaque 96-hex-character (48-byte) blob that the server itself decodes to decide the payment status and, for a paid order, which file to show. There is no separate signature or MAC parameter, so whatever that blob decodes to is trusted as the order outcome.
Cheap callback
http://78.46.224.78:5000/payment/callback?data=5765679f0870f4309b1a3c83588024d7c146a4104cf9d2c8de817b1d05ac501928df361f896eb3c3706cda0474915040
Hello, customer! Payment status: good
Filename: cheap.txt
Content: MAKE C3 HACK AGAIN!
Flag callback
http://78.46.224.78:5000/payment/callback?data=232c66210158dfb23a2eda5cc945a0a9650c1ed0fa0a08f6d80475334bb8e8a1aef38fd25e8ce9872f7ef761e2bbe791
Hello, customer! Payment status: failed
Credit card limit exceeded!
After running a data sequencer (unique values) on the flag callback data, we noticed that there was not much entropy.
Comparing the two callbacks side by side, it was noticeable that the data was in fact divided into 3 blocks.
So, after a lot of trial and error moving the blocks into different positions, we got the combination that made the purchase of the flag go through.
The buy formula
buyflag_callback = cheapblock[1] + cheapblock[2] + flagblock[2] + flagblock[3]
buyflag_callback = 5765679f0870f4309b1a3c83588024d7c146a4104cf9d2c86a5c7ef475a00033472741d1bbc3c34f2f7ef761e2bbe791
http://78.46.224.78:5000/payment/callback?data=5765679f0870f4309b1a3c83588024d7c146a4104cf9d2c86a5c7ef475a00033472741d1bbc3c34f2f7ef761e2bbe791
Payment status: good
Filename: flag.txt
Content: Flag: 33C3_CENSORED
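The block shuffling above was done by hand. The script below is an added example, not the write-up author's tool or anything from the challenge: it splits the hex callback blobs into fixed-size cipher blocks, labels each block of the final callback with the source block it was copied from (or "?" if it occurs in neither shown callback), and enumerates every blob that can be built by choosing each block position from one of the known callbacks, which is exactly the search space of the trial and error. The three data values are copied from this page; the block size (16 bytes by default, with 8 also tried) and the assumption that the cipher output is a whole number of blocks are mine.

```python
"""Block-splice helper for opaque callback tokens.

Added example, not code from the write-up. The callback values are copied
from the write-up; block sizes are guesses, and BASE_URL is the challenge host
quoted on the page.
"""
from itertools import product
from typing import Dict, Iterator, List, Tuple
from urllib.parse import urlencode

BASE_URL = "http://78.46.224.78:5000"

# data= values of the two callbacks shown in the write-up and of the final,
# successful one (copied from the page, split only for line length).
CHEAP = ("5765679f0870f4309b1a3c83588024d7c146a4104cf9d2c8"
         "de817b1d05ac501928df361f896eb3c3706cda0474915040")
FLAG = ("232c66210158dfb23a2eda5cc945a0a9650c1ed0fa0a08f6"
        "d80475334bb8e8a1aef38fd25e8ce9872f7ef761e2bbe791")
BUYFLAG = ("5765679f0870f4309b1a3c83588024d7c146a4104cf9d2c8"
           "6a5c7ef475a00033472741d1bbc3c34f2f7ef761e2bbe791")


def split_blocks(hex_data: str, block_size: int = 16) -> List[str]:
    """Split a hex string into cipher blocks of block_size bytes (hex out).

    A block cipher's output is a whole number of blocks, so a remainder means
    the guessed block size is wrong (or the capture is truncated).
    """
    raw = bytes.fromhex(hex_data)
    if block_size <= 0 or len(raw) % block_size:
        raise ValueError(f"{len(raw)} bytes is not a multiple of {block_size}")
    return [raw[i:i + block_size].hex() for i in range(0, len(raw), block_size)]


def block_provenance(target: str, sources: Dict[str, str],
                     block_size: int = 16) -> List[str]:
    """Label each block of target as "name[pos]" for the first source block
    equal to it, or "?" if no source contains that block at any position."""
    index: Dict[str, str] = {}
    for name, blob in sources.items():
        for pos, blk in enumerate(split_blocks(blob, block_size)):
            index.setdefault(blk, f"{name}[{pos}]")
    return [index.get(blk, "?") for blk in split_blocks(target, block_size)]


def splice_candidates(sources: Dict[str, str],
                      block_size: int = 16) -> Iterator[Tuple[Tuple[str, ...], str]]:
    """Yield (choice, hex) for every blob whose block i is taken from
    sources[choice[i]]. With n sources and k blocks that is n**k candidates,
    which is why a smaller block size makes the manual search much longer."""
    names = list(sources)
    blocks = {n: split_blocks(sources[n], block_size) for n in names}
    lengths = {len(b) for b in blocks.values()}
    if len(lengths) != 1:
        raise ValueError("all sources must have the same number of blocks")
    for choice in product(names, repeat=lengths.pop()):
        yield choice, "".join(blocks[n][i] for i, n in enumerate(choice))


def callback_url(data_hex: str, base_url: str = BASE_URL) -> str:
    """Build the /payment/callback URL that would submit a candidate blob."""
    return f"{base_url}/payment/callback?{urlencode({'data': data_hex})}"


if __name__ == "__main__":
    known = {"cheap": CHEAP, "flag": FLAG}
    for size in (16, 8):
        print(f"block size {size}: final callback blocks come from",
              block_provenance(BUYFLAG, known, size))
    # The first few candidates one would submit when searching by hand.
    for choice, blob in list(splice_candidates(known))[:3]:
        print(choice, callback_url(blob))
```

Run against the values on this page, block_provenance labels the first 16 bytes of the final callback as cheap[0] and, at an 8-byte block size, the last 8 bytes as flag[5]; the blocks it labels "?" do not occur in either of the two callbacks shown above. The reason any such splice can work is that the server accepts every well-formed blob without an integrity check; an authenticated encryption mode or a MAC over the token, or a server-side lookup keyed by an unguessable order id, would make recombined blocks fail before they are interpreted.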