APU CSFC

HackIM 2013 - Web 100 WriteUp | APU CSFC

Posted: 2013-02-05 23:22   |  More posts about CTF nullcon HackIM WriteUps

Web Security questions, ranging from 1 to 5 are the first category in HackIM. But it isn't neccessary to solve them first before others. So the challenge is presented as:

/galleries/Selection_075.png

It's clear that the Admin Console was meant for us. So we clicked on it! But BAM! This showed up,

/galleries/Selection_076.png

That's bad isn't? Well, do some googling, as usual about stackoverflow hacking cases, and you'd have come across this; Anatomy of an Attack: How I Hacked StackOverflow. From the blog post, you'd see that the author mentions not to rely upon X-Forwarded-For for anything. Well, there's a hint isn't it. ;)

So, how do we go about hacking that challenge then? It's pretty simple, and most Linux distros already have it by default....

...drum roll please...

Mr. curl :D

So here is what we did you exploit it:

~$ curl --header "X-Forwarded-For: 127.0.0.1" http://ctf.nullcon.net/challenges/web/web1/getflag.php

After that it will print out:

~$ The Flag is DholuBholuareTWINS

Sweet!? :D

Contents © 2013 admin - Powered by Nikola