Target from: CTF Playground
Intermediate, Non rootable, Timed
ginx / 0.0.0.0
2: Flags (2:app)
1: Service
1,310 pts
Avg. headshot: 2,407 minutes
Level 11 / Senior PenTester
hazy / 148th Place
0: Flags found
1: Service discovered
10 pts
Visit the page and pay attention at the files included and their locations.
Proxying requests with user provided input can lead to catastrophic consequences. See if you can grab the flags by:
- accessing the index.html from the internal web server http://127.0.0.1/index.html
- by making the server perform a request to a server controlled by you
To start the challenge connect to http://10.0.14.22:1337/. Your timer starts from the first time you connect to the service.
46 Headshots (newer first)
Ckabos, MrSheldon, napejpfonip, carloslaguna, lisibus, kr0w, Atlantica, GuyFawkes, doofyr, Byt3P4ss, xRuL0, fakeIn, b3li4d, Six666, poggiesai, cavca2012, uApocryphon, DamianPellejero, userctfantonioban, jaxafed, 4rl4dn4, noother, markuche, AskTaimoor, No0ne, NoBody, Clientname, Tr1s, khaledsh, D1ie3z, ddr4ramm, bas1c, srrequiem, vicky5, Sev7en, PufferOverflow, 0x1337, Grosik, r0b0tG4nG, Muzec, biba22, g0rchy, hitmanalharbi, mpz, PegasusActivity Stream
Latest activity on the platform