Target from: CTF Playground
Intermediate, Non rootable, Timed
ginx / 0.0.0.0
2: Flags (2:app)
1: Service
1,310 pts
Avg. headshot: 2,534 minutes
Level 8 / Master Securitas
Sid110307 / 227th Place
1: Flags found
1: Service discovered
510 pts
Visit the page and pay attention at the files included and their locations.
Proxying requests with user provided input can lead to catastrophic consequences. See if you can grab the flags by:
- accessing the index.html from the internal web server http://127.0.0.1/index.html
- by making the server perform a request to a server controlled by you
To start the challenge connect to http://10.0.14.22:1337/. Your timer starts from the first time you connect to the service.
50 Headshots (newer first)
Touchme, alamillo, c0nfirm, echoOne, Ckabos, slash, napejpfonip, carloslaguna, lisibus, kr0w, Atlantica, GuyFawkes, doofyr, Byt3P4ss, xRuL0, fakeIn, b3li4d, Six666, poggiesaicavca2012, uApocryphon, DamianPellejero, userctf, antonioban, jaxafed, 4rl4dn4, noother, markuche, AskTaimoor, No0ne, NoBody, Clientname, Tr1s, khaledsh, D1ie3z, ddr4ramm, bas1c, srrequiem, vicky5, Sev7en, PufferOverflow, 0x1337, Grosik, r0b0tG4nG, Muzec, biba22, g0rchy, hitmanalharbi, mpz, Pegasus