Target from: CTF Playground
Intermediate, Non rootable, Timed
ginx / 0.0.0.0
2: Flags (2:app)
1: Service
1,310 pts
Avg. headshot: 2,407 minutes
Level 15 / Senior CTFer
fakeIn / 78th Place
2: Flags found
1: Service discovered
1,310 pts
25 minutes
Visit the page and pay attention at the files included and their locations.
Proxying requests with user provided input can lead to catastrophic consequences. See if you can grab the flags by:
- accessing the index.html from the internal web server http://127.0.0.1/index.html
- by making the server perform a request to a server controlled by you
To start the challenge connect to http://10.0.14.22:1337/. Your timer starts from the first time you connect to the service.
46 Headshots (newer first)
Ckabos, MrSheldon, napejpfonip, carloslaguna, lisibus, kr0w, Atlantica, GuyFawkes, doofyr, Byt3P4ss, xRuL0, fakeIn, b3li4d, Six666, poggiesai, cavca2012, uApocryphon, DamianPellejero, userctfantonioban, jaxafed, 4rl4dn4, noother, markuche, AskTaimoor, No0ne, NoBody, Clientname, Tr1s, khaledsh, D1ie3z, ddr4ramm, bas1c, srrequiem, vicky5, Sev7en, PufferOverflow, 0x1337, Grosik, r0b0tG4nG, Muzec, biba22, g0rchy, hitmanalharbi, mpz, PegasusActivity Stream
Latest activity on the platform