• Problem path
  • Problem information
  • Problem solving

 

 

 

[Problem path]

https://dreamhack.io/wargame/challenges/1186

 

what-is-my-ip

Description: How are they aware of us even behind the wall?
FYI
Flag Location: /flag
Flag Format: DH{...}


 

 

 

[Problem information]


 

 

 

[Problem solving]

1. When I connected to the problem server, my public IP address was displayed.

 

 

2. In the problem file, I checked the code for the root path, where the flag function is written. Analyzing the code, you can see that the IP address is passed to the server and used in a shell command, so a desired shell command can be appended to it (for example, '; ls' to check the directory list); the server captures the output of the commands it executes and shows the result.

 

 

3. I sent the request to the web server via curl as follows. The '-H' option adds a request header, and "X-Forwarded-For" is one of the headers that carries the client's IP address to the server. Here the header value carries the "; cat /flag" shell command. That is, the server executes the shell command "; cat /flag" supplied in place of the user's IP address and shows the result to the user. The flag appears as the result of the shell command, as follows.
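The weak pattern from steps 2 and 3 next to a hardened form, as an added example that is not the challenge's own code (the page does not reproduce it). The `echo` command, the function names and the trusted proxy address are assumptions made for illustration.

```python
import ipaddress
import subprocess

# Constructed value: address of the one reverse proxy allowed to set the header.
TRUSTED_PROXIES = {"10.0.0.1"}


def build_shell_command(header_value: str) -> str:
    """Weak pattern (assumed): header text pasted into a shell command line."""
    return f"echo {header_value}"  # "; cat /flag" becomes a second command


def client_ip(xff_header: str, peer_addr: str) -> str:
    """Return a validated client IP, or the socket peer address as fallback."""
    if peer_addr not in TRUSTED_PROXIES or not xff_header:
        return peer_addr  # header sent by an untrusted peer is ignored
    # The trusted proxy appends the address it saw, so use the last entry.
    candidate = xff_header.split(",")[-1].strip()
    try:
        return str(ipaddress.ip_address(candidate))
    except ValueError:
        return peer_addr  # not an IP literal: never passed on


def show_ip(xff_header: str, peer_addr: str) -> str:
    """Hardened pattern: validated value, argument list, no shell."""
    ip = client_ip(xff_header, peer_addr)
    result = subprocess.run(["echo", ip], capture_output=True, text=True, timeout=5)
    return result.stdout.strip()


if __name__ == "__main__":
    print(build_shell_command("; cat /flag"))
    print(show_ip("; cat /flag", "10.0.0.1"))
    print(show_ip("198.51.100.23", "10.0.0.1"))
```

The two controls are independent: parsing with `ipaddress` rejects anything that is not an IP literal, and passing an argument list without a shell means that even an unvalidated value would reach `echo` as a single argument.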

 

 

 

 

 
