From 9d960e60ac62b7ec2937e438ec6d80e4d81d2c60 Mon Sep 17 00:00:00 2001
From: Simon <simon@huenecke.de>
Date: Mon, 4 Sep 2023 22:08:12 +0200
Subject: [PATCH] downloaded challenges

didnt know they would publish everything
---
 .../beginner/complementary/ape.py             |  16 +++
 .../beginner/complementary/complementary.py   |  14 ++
 .../beginner/complementary/flag.txt           |   1 +
 .../beginner/complementary/output.txt         |   1 +
 .../beginner/confusing/README.md              |  45 ++++++
 DownUnderCTF 2023/beginner/confusing/ape.py   |  34 +++++
 .../beginner/confusing/confusing              | Bin 0 -> 17088 bytes
 .../beginner/confusing/confusing.c            |  32 +++++
 .../beginner/confusing/confusing.py           |  35 +++++
 .../beginner/xxd-server/xxd_server/.htaccess  |   4 +
 .../beginner/xxd-server/xxd_server/Dockerfile |   6 +
 .../beginner/xxd-server/xxd_server/index.php  | 110 +++++++++++++++
 .../actually-proxed/Dockerfile                |  11 ++
 .../actually-proxed/cmd/proxy/main.go         | 131 ++++++++++++++++++
 .../actually-proxed/cmd/secret_server/main.go |  43 ++++++
 .../actually-proxed/docker-entrypoint.sh      |  17 +++
 .../actually-proxed/actually-proxed/go.mod    |   3 +
 17 files changed, 503 insertions(+)
 create mode 100644 DownUnderCTF 2023/beginner/complementary/ape.py
 create mode 100644 DownUnderCTF 2023/beginner/complementary/complementary.py
 create mode 100644 DownUnderCTF 2023/beginner/complementary/flag.txt
 create mode 100644 DownUnderCTF 2023/beginner/complementary/output.txt
 create mode 100644 DownUnderCTF 2023/beginner/confusing/README.md
 create mode 100644 DownUnderCTF 2023/beginner/confusing/ape.py
 create mode 100755 DownUnderCTF 2023/beginner/confusing/confusing
 create mode 100644 DownUnderCTF 2023/beginner/confusing/confusing.c
 create mode 100644 DownUnderCTF 2023/beginner/confusing/confusing.py
 create mode 100755 DownUnderCTF 2023/beginner/xxd-server/xxd_server/.htaccess
 create mode 100755 DownUnderCTF 2023/beginner/xxd-server/xxd_server/Dockerfile
 create mode 100755 DownUnderCTF 2023/beginner/xxd-server/xxd_server/index.php
 create mode 100644 DownUnderCTF 2023/web/actually-proxed/actually-proxed/Dockerfile
 create mode 100644 DownUnderCTF 2023/web/actually-proxed/actually-proxed/cmd/proxy/main.go
 create mode 100644 DownUnderCTF 2023/web/actually-proxed/actually-proxed/cmd/secret_server/main.go
 create mode 100755 DownUnderCTF 2023/web/actually-proxed/actually-proxed/docker-entrypoint.sh
 create mode 100644 DownUnderCTF 2023/web/actually-proxed/actually-proxed/go.mod

diff --git a/DownUnderCTF 2023/beginner/complementary/ape.py b/DownUnderCTF 2023/beginner/complementary/ape.py
new file mode 100644
index 00000000..638bf9a2
--- /dev/null
+++ b/DownUnderCTF 2023/beginner/complementary/ape.py	
@@ -0,0 +1,16 @@
+import math
+
+ctf = b"DUCTF{"
+
+ctf = int.from_bytes(ctf)
+
+# 0x44554354467b
+# 0x3bd4fca9d0d3e400000000000000000000000
+# 6954494065942554678316751997792528753841173212407363342283423753536991947310058248515278
+
+crypt = 6954494065942554678316751997792528753841173212407363342283423753536991947310058248515278
+
+print(hex(int(math.sqrt(crypt))))
+ctf2 = 0x44554354467b0000000000000000000000000
+
+print(int(crypt / ctf2))
diff --git a/DownUnderCTF 2023/beginner/complementary/complementary.py b/DownUnderCTF 2023/beginner/complementary/complementary.py
new file mode 100644
index 00000000..8416d181
--- /dev/null
+++ b/DownUnderCTF 2023/beginner/complementary/complementary.py	
@@ -0,0 +1,14 @@
+import math
+
+flag = open('./flag.txt', 'rb').read().strip()
+m1 = int.from_bytes(flag[:len(flag)//2])
+m2 = int.from_bytes(flag[len(flag)//2:])
+print(flag[:len(flag)//2], flag[len(flag)//2:])
+print(m1, m2)
+print(hex(m1), hex(m2))
+n = m1 * m2
+print(n)
+
+print("SOLVING!")
+sq = int(math.sqrt(n))
+print(hex(sq))
diff --git a/DownUnderCTF 2023/beginner/complementary/flag.txt b/DownUnderCTF 2023/beginner/complementary/flag.txt
new file mode 100644
index 00000000..03a02368
--- /dev/null
+++ b/DownUnderCTF 2023/beginner/complementary/flag.txt	
@@ -0,0 +1 @@
+DUCTF{NOTAFLAG}
\ No newline at end of file
diff --git a/DownUnderCTF 2023/beginner/complementary/output.txt b/DownUnderCTF 2023/beginner/complementary/output.txt
new file mode 100644
index 00000000..4ce5cd70
--- /dev/null
+++ b/DownUnderCTF 2023/beginner/complementary/output.txt	
@@ -0,0 +1 @@
+6954494065942554678316751997792528753841173212407363342283423753536991947310058248515278
diff --git a/DownUnderCTF 2023/beginner/confusing/README.md b/DownUnderCTF 2023/beginner/confusing/README.md
new file mode 100644
index 00000000..e6c63b15
--- /dev/null
+++ b/DownUnderCTF 2023/beginner/confusing/README.md	
@@ -0,0 +1,45 @@
+# confusing
+
+```
+Types can be very confusing.
+
+Author: joseph
+nc 2023.ductf.dev 30024 
+```
+
+## Source 
+
+```c
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+void init() {
+    setvbuf(stdout, 0, 2, 0);
+    setvbuf(stdin, 0, 2, 0);
+}
+
+int main() {
+    init();
+
+    short d;
+    double f;
+    char s[4];
+    int z; 
+
+    printf("Give me d: ");
+    scanf("%lf", &d);
+
+    printf("Give me s: ");
+    scanf("%d", &s);
+
+    printf("Give me f: ");
+    scanf("%8s", &f);
+
+    if(z == -1 && d == 13337 && f == 1.6180339887 && strncmp(s, "FLAG", 4) == 0) {
+        system("/bin/sh");
+    } else {
+        puts("Still confused?");
+    }
+}
+```
\ No newline at end of file
diff --git a/DownUnderCTF 2023/beginner/confusing/ape.py b/DownUnderCTF 2023/beginner/confusing/ape.py
new file mode 100644
index 00000000..e13f4a4c
--- /dev/null
+++ b/DownUnderCTF 2023/beginner/confusing/ape.py	
@@ -0,0 +1,34 @@
+import sys
+import angr
+import claripy
+import time
+
+# compiled on ubuntu 18.04 system:
+# https://github.com/b01lers/b01lers-ctf-2020/tree/master/rev/100_little_engine
+success = 0x0010133c
+fail = 0x00101343
+
+
+def main(argv):
+    path_to_binary = argv[1]  # :string
+    project = angr.Project(path_to_binary)
+
+    # Start in main()
+    initial_state = project.factory.entry_state()
+    # Start simulation
+    simulation = project.factory.simgr(initial_state)
+
+    simulation.explore(find=success, avoid=fail)
+
+    # If found a way to reach the address
+    if simulation.found:
+        solution_state = simulation.found[0]
+
+        # Print the string that Angr wrote to stdin to follow solution_state
+        print(solution_state.posix.dumps(sys.stdin.fileno()))
+    else:
+        raise Exception('Could not find the solution')
+
+
+if __name__ == '__main__':
+    main(sys.argv)
diff --git a/DownUnderCTF 2023/beginner/confusing/confusing b/DownUnderCTF 2023/beginner/confusing/confusing
new file mode 100755
index 0000000000000000000000000000000000000000..f8ff1554ba9612edf7fd8d5552ddf52a20879e18
GIT binary patch
literal 17088
zcmeHOeQX@X6`%9Pi9?+81(IUIN46<YC&*_zIEe!?xwC!ty0sxq>;fubbG{Gz!hM*#
zJ+Ns37ef>)aqCu8jZ`GUKWz}L6#AhOq_&Pyz9guK)K+N`YC?&yDNtiVWhlw^y`A^g
zd+W1ktNu}m9qat&{ocpSy!p7D+nEQ$UF~HakKp7LHwomFRT2rZ;6}~}5fn{gCH!9}
zt`bWDUIL#WiJkORnG`UsAU!Wow5!HU33`Qu1yimeQnXtv`KbV=!Y?(^t{k((JL!j1
z52h@)%2Uu7l4Ab1=qXfy#MEwwvDsg1ipBnB2c@_iA<A~hqTL~~J4AL&XQ(`;98Zi1
zewwHqPO5+mlVbiC!fAIK**R$&=`+PLFzq_4$Nro0c97j3#dIT_v`fN*DVO&Zu*10g
zyNSDbCzZEYKMYa)nNoN~T`JkPrLis*t4$>{g`wJ^rY*Hw8Uy)kV3Sz|tQVGnW2)ok
zUIA_<5u-4geX*K&lt1Qs`Jt`XK6(7LE1I9W@Nw&l=Xzf6XCGK5>R>{99umw~LI!nY
z`=1aa9=|}$hYFBtt~_|f$@uTm{k;)xwiMX@uYml;HlDMOK}KQ5M%P2Wl>QeN!Lh$e
z>EE;nzIPG)8Ne0zI8z@0rTkyA2>t@#3VfU?48SU}R``Qb!t-Dku-Im2Y61ZDm7tWc
zzJT!&#o@3;<n>%8njRFImdt0P+qP->Xe5&mg9SYgSYD4r@6w_JcWH@8G6l-9WJV0;
zk{LaLOtzql{BT~6r$IM56wwmNOeB@OFD~+N{hq!;0$?l({p55l9Rcf(uFjTLZBt;Y
zm20$en*y7K*4fjo#p1bme-a$$db(Rv*-X4A(wB;ZxBhfCL*6v0T2c|3TV{T|K=BWG
z9I=w~z(~b0$ph}vWO600K;Iy2waI(MKH>{&lgrU|0(eZk9$N9F&Yht3j`2zQ9;yhM
zX4bmJ{Hg5{$GL%Z<aFAGFJlnslnv)HP&{M9ajtNhv*FM{EAjZj`Hypv6OR+bd48ho
zF!{l{VB9zzvEjUSpzNp($Eb69#)e}VoF;9!eVu&KhC>Hf=~Wwkk%hV$Hv(=1+z7Z4
za3kPG;Ij~c52~*ESRH+*LOoFar#d0jM<(?$<5hL^w-qPM<{O*$0z7M6a~F`RbprJV
zP%=Ax#xRTtlg9^|+3AxOj}KzA)5k3yA8cl)pSE~>pqZV1!s78kW_J2J7LN}wv(w*X
z9!l>vOK%fq`M{qIU~T64*B$&H9Q-Q|{y7K#D+m7zJKykb=h(?R)v-6!(Klyy^mL7v
z{}5WJj<2jUNpl6X-&pfqFgZ7&jyE5Jj5=QaQzYBw^feIL4CW!U%Z<}j>qek;;sjC9
zA2angKZIn%1$AsjJ^tQy_4u4u^*pbhyr8cJ2VrthVVq8w?Phz7|48$05R1Zfz3OQ5
zdd#Y0XZ1?;K=ZZ0OdY#m7*jC_=JVy7f%ohNTdRDupS~A_nCS&OC~OXXdpL%bd=@+M
z*O*hsUYI%wen9$mY3a{EI<fnN<!1C9C8i!&a!rkC9iD5L#I2o}dKAinMjwQSX$kB_
zx8vbA)UoFQAF=S9i8tphAS4yfNyUB(@05zSTR^o`oRW&&7Ont3djFe7p}Xpr;WrY^
zmo*kzXRG|-sYF$v{L7$rUnAy1kSlD2DxG^42dX;0*#`(l;KB2T@yKMs2la#>z{J$!
z!2hihxQ}5AFm*R@W|Pzd-E%SZ`bx9ydim4<2wplN`win0y0vS(dBsK{LSOA1`(voL
zbL_)VPiX9uUUj_olMV3OO4o+-I47sHParhM&wKTC4X@F7=^C5u8hfv8?5&Wo`Y-C}
z36Hw%^}^dYU%$3HbVq1+=+2OKB9RDGt$P^5ZO#{*$ylyA&#jqlirs&11l$O?5pW~m
zM!=1L8v!>0ZUo#2e1;<6p|>U-$$R2TI<CZSP{cK<gkV08e9U4K$TsCgdsnDK)b%AZ
zb@>6YOHZa!N;I2E6!P(ye6etL-=jac_pcvq_gwD15#J5syOznn8^#FG;EZ7$0lEX|
zB+yBq_?yC$?;FM`pff<{fcif$jB40hj{x06FHP{BDkjf;JB4S+@438kS;Yj%5XZ9u
z=o5Y`5Tb3F`D*HF$Tq^KiOLo}f4i^xOI0iGtr!v8*WR%4`m5KYI@;d>p9#?8cUp|=
zkl7FTAOe)Itb_1*3Cin0EbQ~|D{Ec3^Z}?4uqgjAd}ctt7VFM(?<x;!z)u(AWt2l(
z<3L5b&;RYRPG9x6ykVa*z9j6cIauE2tKYX&^)-zy>+l6LzNV0`KIE%u@hL67>K32B
z#aCgze_IXyt7i?v{yqp@y2*`z8v!>0ZUo#2xDjw8;6}iWfE$7T(+JS{H$Lx1+a2qy
zSS44RHYf1<$xKst020z=l33^JE+-!MBAC`nBKUkA?oTkW{KE@I7Wu<;2#xm=O_bp?
zWv`N)&y1ZxBS?H^u3EBU4N)d!Cic_0Gkmj%>4+re{tL5wR_{{62MAz%h$_PMo*_Lx
z+s5TzML6sI(~#|hxS9~W3N+i>ME>Bdq{(yKVcTZ%Yf1hQ@!Sq_|34#qzT4@rp87jT
zbO+HrL<fnE5S<|E^z&&vpQr3-ZM{LM>Fq0I^n$W2&={z%Z77&r!vmY@1NDu8h7A(`
zG>>?e*<+pWw`=2xQa+zvjC%#2KQG4NTxp5Gd*SpokJn=TrGm$4F}_UjcrL~(1ov|>
zzFhG5D8?@mJPwQT6@tfWF%Gl0M8A09C9+Zy_ld(L@hWk&B<{EFYZRBeO7QwnjKgB1
z*b$lcic75X_;#rmX6Mn8`fIH9rda=T);d#+Un)wCbFZkj)`enySk;1dMCQG=^V@c*
zSMaJgkK%k@BHlOV5t+mFv<y0B2c0iwxsUJ>2mX1&d3|R6t&s6ReQJUd;q{~4#23aP
z4LFwTJj_09>MxAvA;3%3f3bEwZu(g*evcJ)q*8u<V(P3}&|i4!!y^{<*9)Z2=eN0t
zKbx6_<L6z|&%*xQ0AB!Qcyih?p1shpivc`M-)sCmbcu;`Y4fxOaAlsga&3T@I_E!a
z>MtBuw*gLH!Ilrq>?J=+P{RCuazEgH_}1lf;8H5YO7v5<aNa$<i2uWj;6Gmke{m7~
zEx@rp&iQf<aD^*pqh5&rs<O)julp?WBaV?EBRm0vX(Qm+FUu)N9TFDn2p^>WiW7be
zs2}D<eUJbm??Qdhk3#dSj&M9mh5F8T-bns;P`T!BsbCW{@nYY|^)7;E0mt?_{eK;B
zWuY7KJ;2wOz(q8t=k)@du!)NKD;Aob)}naH0&jf8vRZ#C+ZRb`F+H2hYmvf`h-TA+
zskk1G1)A!&G?Z4ts~<@%lFLPgwRlF)4U0rBl8$S!LOMMRCN@q3O}$7JFNQ#sG_8GS
zs5`8MZ*J4zc1N*ZOlWPl-yG`hY%P|US4#kbJ4jksB@b%bPN8*l-O>{3(r#&Q-xcoB
zdO|H-Vf1QVNQvePW{vs&OEAdyQa<etioEtxtdF;4iV^dsOfjUzV-Y<96)3(`Gq2Q0
zcWLGktc$#DQ;aRRRpS(6N%EQulvjLbMvLXM+CU@|!}~Oyw}2Mh>Cy1rhdnmfMZovv
z^W?_7yF<5noTb@s4$aH9f<4^c;oih+Jtgnz6yF@0x5vhdKz=x_NBV&3IY|dN2bYlI
zxj_-gWc7HUKT`+{=CXtFoIY%W`U*+71ec5v6l&?L)g%4FR3C`I+n+#eI0HpUs^_HS
zo_H>w%w~!h4P?1^DuM=-8%*gUU<N7x*+735Sj^<(Q4!GNL%`ys0PU>V^MUvPO@o0L
zcw<ibkn=%Wa2|?^q?6!GnnP!Z0L;ZS%&$_D`#;C<i3652_%4&Fnx0dc@;-~irY`4^
zegQtXw_$sJE@rBL%%1rBhp{b?vD@E9<uk?iU-rc7Ib)rWvD@==HdBQai8}3X1^ged
zH{$y9^ElIbvZHO3wclj75y;@)k?r}po#_Au7ZTPHv)q2(=OqEdCbK<1-!nY}GJ7I-
z7IZh{aPP<VyboZ?`$(=o>oI)*>~Sy2Jnt8n2B{=x{RtN1kinR;J?|@+&X6LP?`;3~
z$-ag3c>lrlh|L~j=CpqTFpLTNhc987h&rFBo&Eoq!(JgfrX%EziNn44k;DElDKKUI
z#q5td?0J90bdU{+vOlKyoMLZ3KbJ6ljyuL-&u)L?u;=|2)0M19)EU3$$lfYOAw{Bl
zh-Je4$NVdh!TPiP9z{x+c1hOy?=1f{kl5{yDpHjxK406Dv;4Cl#61%&JJx=X?^`?d
znP>Vw*jCx>`S+=bS^y!jp5*3v#?ONQ$1a!8`%At*&-dhU{$XM}?*FF%!zQvl|30;!
z9!!VO$d=fi=~6JZ+lwG6*GtOfunV?hz7mWP<MR3W)KB&bD-w13TSeuQx~0wb*I9_n
zU|liUDUTf~k^h6_aE2C!D*=Yf16KTa{l(wixbD(Y{;$W4F{Gy*&beGE#l1#p`!n05
L20!n!zSI6+4?&=(

literal 0
HcmV?d00001

diff --git a/DownUnderCTF 2023/beginner/confusing/confusing.c b/DownUnderCTF 2023/beginner/confusing/confusing.c
new file mode 100644
index 00000000..aaa85bc7
--- /dev/null
+++ b/DownUnderCTF 2023/beginner/confusing/confusing.c	
@@ -0,0 +1,32 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+void init() {
+    setvbuf(stdout, 0, 2, 0);
+    setvbuf(stdin, 0, 2, 0);
+}
+
+int main() {
+    init();
+
+    short d;
+    double f;
+    char s[4];
+    int z; 
+
+    printf("Give me d: ");
+    scanf("%lf", &d);
+
+    printf("Give me s: ");
+    scanf("%d", &s);
+
+    printf("Give me f: ");
+    scanf("%8s", &f);
+
+    if(z == -1 && d == 13337 && f == 1.6180339887 && strncmp(s, "FLAG", 4) == 0) {
+        system("/bin/sh");
+    } else {
+        puts("Still confused?");
+    }
+}
diff --git a/DownUnderCTF 2023/beginner/confusing/confusing.py b/DownUnderCTF 2023/beginner/confusing/confusing.py
new file mode 100644
index 00000000..f9eb0bde
--- /dev/null
+++ b/DownUnderCTF 2023/beginner/confusing/confusing.py	
@@ -0,0 +1,35 @@
+from pwn import *
+import os
+
+os.environ["PWNLIB_DEBUG"] = "1"
+
+gs = '''
+unset env LINES
+unset env COLUMNS
+set follow-fork-mode child
+# br *main+78 # first scanf
+br *main+160
+br *main+170
+br *main+220
+c
+'''
+
+elf = ELF(os.getcwd()+"/confusing")
+
+def start():
+    if args.GDB:
+        return gdb.debug(elf.path, gs)
+    if args.REMOTE:
+        return remote("2023.ductf.dev", 30024)
+    else:
+        return process(elf.path)
+
+while True:
+    io = start()
+    print(io.recvuntil(b"Give me d: "))
+    io.sendline(b"7")
+    print(io.recvuntil(b"Give me s: "))
+    io.sendline(b"FLAG")# + b"\xff"*4)
+    print(io.recvuntil(b"Give me f: "))
+    io.sendline(b"2")
+    io.interactive()
\ No newline at end of file
diff --git a/DownUnderCTF 2023/beginner/xxd-server/xxd_server/.htaccess b/DownUnderCTF 2023/beginner/xxd-server/xxd_server/.htaccess
new file mode 100755
index 00000000..459c8c84
--- /dev/null
+++ b/DownUnderCTF 2023/beginner/xxd-server/xxd_server/.htaccess	
@@ -0,0 +1,4 @@
+# Everything not a PHP file, should be served as text/plain
+<FilesMatch "\.(?!(php)$)([^.]*)$">
+    ForceType text/plain
+</FilesMatch>
\ No newline at end of file
diff --git a/DownUnderCTF 2023/beginner/xxd-server/xxd_server/Dockerfile b/DownUnderCTF 2023/beginner/xxd-server/xxd_server/Dockerfile
new file mode 100755
index 00000000..6a7e5509
--- /dev/null
+++ b/DownUnderCTF 2023/beginner/xxd-server/xxd_server/Dockerfile	
@@ -0,0 +1,6 @@
+FROM php:8.1-apache
+
+COPY index.php .htaccess /var/www/html/
+COPY flag /
+RUN sed -i 's/AllowOverride None/AllowOverride All/g' /etc/apache2/apache2.conf
+RUN mkdir -p /var/www/html/uploads && chmod 1333 /var/www/html/uploads
diff --git a/DownUnderCTF 2023/beginner/xxd-server/xxd_server/index.php b/DownUnderCTF 2023/beginner/xxd-server/xxd_server/index.php
new file mode 100755
index 00000000..903a54b6
--- /dev/null
+++ b/DownUnderCTF 2023/beginner/xxd-server/xxd_server/index.php	
@@ -0,0 +1,110 @@
+<?php
+
+// Emulate the behavior of command line 'xxd' tool
+function xxd(string $s): string {
+	$out = '';
+	$ctr = 0;
+	foreach (str_split($s, 16) as $v) {
+		$hex_string = implode(' ', str_split(bin2hex($v), 4));
+		$ascii_string = '';
+		foreach (str_split($v) as $c) {
+			$ascii_string .= $c < ' ' || $c > '~' ? '.' : $c;
+		}
+		$out .= sprintf("%08x: %-40s %-16s\n", $ctr, $hex_string, $ascii_string);
+		$ctr += 16;
+	}
+	return $out;
+}
+
+$message = '';
+
+// Is there an upload?
+if (isset($_FILES['file-upload'])) {
+	$upload_dir = 'uploads/' . bin2hex(random_bytes(8));
+	$upload_path = $upload_dir . '/' . basename($_FILES['file-upload']['name']);
+	mkdir($upload_dir);
+	$upload_contents = xxd(file_get_contents($_FILES['file-upload']['tmp_name']));
+	if (file_put_contents($upload_path, $upload_contents)) {
+		$message = 'Your file has been uploaded. Click <a href="' . htmlspecialchars($upload_path) . '">here</a> to view';
+	} else {
+	    $message = 'File upload failed.';
+	}
+}
+
+?>
+<!DOCTYPE html>
+<html>
+<head>
+    <title>xxd-server</title>
+        <style>
+        body {
+            background-color: #fff;
+            color: #000;
+            font-family: Arial, sans-serif;
+            height: 100vh;
+            display: flex;
+            justify-content: center;
+            align-items: center;
+        }
+
+        .container {
+            text-align: center;
+            border: 2px solid #000;
+            padding: 20px;
+            border-radius: 10px;
+        }
+
+        h1 {
+            color: #000;
+        }
+
+        #file-upload {
+            display: none; /* hide the actual input */
+        }
+
+        /* Style the label to look like a button */
+        label[for="file-upload"] {
+            display: inline-block;
+            background-color: #000;
+            color: #fff;
+            padding: 10px 20px;
+            cursor: pointer;
+            transition: background-color 0.3s;
+        }
+
+        label[for="file-upload"]:hover {
+            background-color: #666;
+        }
+
+        #submit-button {
+            margin-top: 20px;
+            background-color: #000;
+            color: #fff;
+            border: none;
+            padding: 10px 20px;
+            cursor: pointer;
+            transition: background-color 0.3s;
+        }
+
+        #submit-button:hover {
+            background-color: #666;
+        }
+    </style>
+</head>
+<body>
+    <div class="container">
+        <h1>xxd-server</h1>
+        <p>Our patented hex technology&trade; allows you to view the binary data of any file. Try it here!</p>
+        <form action="/" method="POST" enctype="multipart/form-data">
+            <input type="file" id="file-upload" name="file-upload">
+            <label for="file-upload">Select File</label>
+            <br>
+            <input type="submit" id="submit-button" value="Upload">
+        </form>
+        <?= $message ? '<p>' . $message . '</p>' : ''; ?>
+    </div>
+</body>
+</html>
+
+
+
diff --git a/DownUnderCTF 2023/web/actually-proxed/actually-proxed/Dockerfile b/DownUnderCTF 2023/web/actually-proxed/actually-proxed/Dockerfile
new file mode 100644
index 00000000..387f7b84
--- /dev/null
+++ b/DownUnderCTF 2023/web/actually-proxed/actually-proxed/Dockerfile	
@@ -0,0 +1,11 @@
+FROM golang:1.20-alpine3.17
+
+WORKDIR /app
+
+COPY . ./
+
+RUN go build -o out/ ./...
+USER 1000:1000
+EXPOSE 8080
+
+ENTRYPOINT [ "./docker-entrypoint.sh" ]
diff --git a/DownUnderCTF 2023/web/actually-proxed/actually-proxed/cmd/proxy/main.go b/DownUnderCTF 2023/web/actually-proxed/actually-proxed/cmd/proxy/main.go
new file mode 100644
index 00000000..ef4e646e
--- /dev/null
+++ b/DownUnderCTF 2023/web/actually-proxed/actually-proxed/cmd/proxy/main.go	
@@ -0,0 +1,131 @@
+package main
+
+import (
+	"bufio"
+	"bytes"
+	"flag"
+	"fmt"
+	"io"
+	"log"
+	"net"
+	"net/http"
+	"net/url"
+	"strings"
+)
+
+func main() {
+	targetUrlFlag := flag.String("target", "http://localhost:8081", "Target URL")
+	port := flag.Int("port", 8080, "The port to listen on")
+	flag.Parse()
+
+	targetUrl, err := url.Parse(*targetUrlFlag)
+	if err != nil {
+		log.Fatalf("Error parsing target URL: %s", err)
+	}
+
+	ln, err := net.Listen("tcp", fmt.Sprintf(":%d", *port))
+	log.Printf("Listening on port %d\n", *port)
+	if err != nil {
+		log.Fatalf("Error listening: %s", err)
+	}
+	defer ln.Close()
+
+	for {
+		conn, err := ln.Accept()
+		if err != nil {
+			log.Printf("Error accepting connection: %s", err)
+			continue
+		}
+
+		go func() {
+			defer conn.Close()
+
+			scanner := bufio.NewScanner(conn)
+			var rawRequest bytes.Buffer
+			for scanner.Scan() {
+				line := scanner.Text()
+				if line == "" {
+					break
+				}
+				fmt.Fprintf(&rawRequest, "%s\r\n", line)
+			}
+			if err := scanner.Err(); err != nil {
+				log.Printf("Error reading request: %s", err)
+				return
+			}
+
+			clientIP := strings.Split(conn.RemoteAddr().String(), ":")[0]
+
+			request, err := parseRequest(rawRequest.Bytes(), clientIP, targetUrl.Host)
+			if err != nil {
+				log.Printf("Error parsing request: %s", err)
+				return
+			}
+
+			client := http.Client{}
+			resp, err := client.Do(request)
+			if err != nil {
+				log.Printf("Error proxying request: %s", err)
+				return
+			}
+			defer resp.Body.Close()
+
+			// Write the response to the connection
+			writer := bufio.NewWriter(conn)
+			resp.Write(writer)
+			writer.Flush()
+		}()
+	}
+}
+
+func parseRequest(raw []byte, clientIP, targetHost string) (*http.Request, error) {
+	var method, path, version string
+	headers := make([][]string, 0)
+	reader := bytes.NewReader(raw)
+	scanner := bufio.NewScanner(reader)
+	scanner.Scan()
+	fmt.Sscanf(scanner.Text(), "%s %s %s", &method, &path, &version)
+
+	for scanner.Scan() {
+		line := scanner.Text()
+		if line == "" {
+			break
+		}
+		parts := strings.SplitN(line, ":", 2)
+		if len(parts) == 2 {
+			headers = append(headers, []string{strings.TrimSpace(parts[0]), strings.TrimSpace(parts[1])})
+		}
+	}
+
+	for i, v := range headers {
+		if strings.ToLower(v[0]) == "x-forwarded-for" {
+			headers[i][1] = fmt.Sprintf("%s, %s", v[1], clientIP)
+			break
+		}
+	}
+
+	headerMap := make(map[string][]string)
+	for _, v := range headers {
+		value := headerMap[v[0]]
+
+		if value != nil {
+			value = append(value, v[1])
+		} else {
+			value = []string{v[1]}
+		}
+
+		headerMap[v[0]] = value
+	}
+
+	request := &http.Request{
+		Method:        method,
+		URL:           &url.URL{Scheme: "http", Host: targetHost, Path: path},
+		Proto:         version,
+		ProtoMajor:    1,
+		ProtoMinor:    1,
+		Header:        headerMap,
+		Body:          io.NopCloser(reader),
+		ContentLength: int64(reader.Len()),
+	}
+	return request, nil
+}
diff --git a/DownUnderCTF 2023/web/actually-proxed/actually-proxed/cmd/secret_server/main.go b/DownUnderCTF 2023/web/actually-proxed/actually-proxed/cmd/secret_server/main.go
new file mode 100644
index 00000000..3d37ec4b
--- /dev/null
+++ b/DownUnderCTF 2023/web/actually-proxed/actually-proxed/cmd/secret_server/main.go	
@@ -0,0 +1,43 @@
+package main
+
+import (
+	"flag"
+	"fmt"
+	"log"
+	"net/http"
+	"os"
+	"strings"
+)
+
+var (
+	port = flag.Int("port", 8081, "port to listen on")
+)
+
+func main() {
+
+	flag.Parse()
+
+	http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
+		xff := r.Header.Values("X-Forwarded-For")
+
+		ip := strings.Split(r.RemoteAddr, ":")[0]
+
+		if xff != nil {
+			ips := strings.Split(xff[len(xff)-1], ", ")
+			ip = ips[len(ips)-1]
+			ip = strings.TrimSpace(ip)
+		}
+
+		// 1337 hax0rz 0nly!
+		if ip != "31.33.33.7" {
+			message := fmt.Sprintf("untrusted IP: %s", ip)
+			http.Error(w, message, http.StatusForbidden)
+			return
+		} else {
+			w.Write([]byte(os.Getenv("FLAG")))
+		}
+	})
+
+	log.Printf("Listening on port %d", *port)
+	log.Fatal(http.ListenAndServe(fmt.Sprintf(":%d", *port), nil))
+}
diff --git a/DownUnderCTF 2023/web/actually-proxed/actually-proxed/docker-entrypoint.sh b/DownUnderCTF 2023/web/actually-proxed/actually-proxed/docker-entrypoint.sh
new file mode 100755
index 00000000..dc5e905c
--- /dev/null
+++ b/DownUnderCTF 2023/web/actually-proxed/actually-proxed/docker-entrypoint.sh	
@@ -0,0 +1,17 @@
+#!/bin/sh
+
+# https://docs.docker.com/config/containers/multi-service_container/
+
+cd /app/out
+
+# Start the proxy
+./proxy &
+
+# Start the web server
+./secret_server &
+
+# Wait for any process to exit
+wait -n
+
+# Exit with status of process that exited first
+exit $?
diff --git a/DownUnderCTF 2023/web/actually-proxed/actually-proxed/go.mod b/DownUnderCTF 2023/web/actually-proxed/actually-proxed/go.mod
new file mode 100644
index 00000000..1f3029fe
--- /dev/null
+++ b/DownUnderCTF 2023/web/actually-proxed/actually-proxed/go.mod	
@@ -0,0 +1,3 @@
+module github.com/DownUnderCTF/actually-proxed
+
+go 1.20