feat: add scary-website challenge

scary-website/Dockerfile

@@ -0,0 +1,5 @@
+FROM nginx
+
+COPY ./conf/nginx.conf /etc/nginx/templates/default.conf.template
+COPY ./conf/server.cert /etc/nginx/server.cert
+COPY ./conf/server.key /etc/nginx/server.key

scary-website/README.md

@@ -0,0 +1,17 @@
+# Scary website
+
+## Text
+
+I randomly came across this website yesterday and I think it has been hacked.!
+My browser says something scary about attackers that could steal my data...
+I don't want my data to get stolen so I immidiately closed the window of course.
+
+Maybe you can take a look at it? But be careful!
+
+## Files
+
+none
+
+## How to deploy
+
+N.A.

scary-website/SOLUTION.md

@@ -0,0 +1,20 @@
+## Difficulty
+
+Easy
+
+## Category
+
+Web
+
+## How to solve
+
+Visiting the challenge IP gives a certificate error. Skipping the warning brings us to a page that does not contain the flag.
+When you analyze the wrong certificate, you can see that it was issued for the domain inconspicuous-domain.ctf.infogroep.be.
+
+Visiting this domain gives you the flag.
+
+## Flag
+
+```
+IGCTF{rea11y-sCaRy-hUh!!}
+```

scary-website/conf/nginx.conf

@@ -0,0 +1,33 @@
+
+server {
+  listen 80;
+
+  server_name _;
+
+  return 302 https://$host$request_uri;
+}
+
+
+server {
+  listen 443 ssl;
+  server_name "${CHALLENGE_DOMAIN}";
+  ssl_certificate /etc/nginx/server.cert;
+  ssl_certificate_key /etc/nginx/server.key;
+
+  location / {
+    return 200 "${FLAG}";
+  }
+}
+
+server {
+  listen 443 ssl default_server;
+  server_name _;
+
+  ssl_certificate /etc/nginx/server.cert;
+  ssl_certificate_key /etc/nginx/server.key;
+
+  location / {
+    return 200 'sorry, not here';
+    add_header Content-Type text/plain;
+  }
+}

scary-website/conf/server.cert

@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDmzCCAoOgAwIBAgIUH1eayQJK1vjpc1hzQQcMGW2NmYswDQYJKoZIhvcNAQEL
+BQAwXTELMAkGA1UEBhMCQkUxETAPBgNVBAgMCEJydXNzZWxzMRIwEAYDVQQKDAlJ
+bmZvZ3JvZXAxJzAlBgNVBAMMHjkxLjEzNC41NS4xNzkuY3RmLmluZm9ncm9lcC5i
+ZTAeFw0yNDExMTkxNjA1NDZaFw0yNDEyMTkxNjA1NDZaMF0xCzAJBgNVBAYTAkJF
+MREwDwYDVQQIDAhCcnVzc2VsczESMBAGA1UECgwJSW5mb2dyb2VwMScwJQYDVQQD
+DB45MS4xMzQuNTUuMTc5LmN0Zi5pbmZvZ3JvZXAuYmUwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQDXgW6fE8S0nhz0MITJBooO7hFj0q61zqc3AGc4OSzZ
+WNoG+AT3HgPSypMK8V4V3CPI/LiYkPTZP0ct3/Njt5nCsd78iuTrczNyuIDXBzH3
+gRFpGrX3AisYlYXudtrmhbY0zkYAz1O1+pVXFthpoxEUXFDuAX9ZBVkIpUqhPAmr
+CdkgwfX3UxvCBeiJhOeXAy/a1PqF//WkQsh+ypPK+jyNasbG9l6QEpbUu2Aj+n/t
+74M4BfRy155BQchoK9qe7NYmtMgiLrYrFOXVemCNPONfSz3aYgmsVPT660tUInrj
+ZvUZ1ePAiY6/vGJ+fKs7N33EXX0dKshuXFT5xbvvnJZ5AgMBAAGjUzBRMB0GA1Ud
+DgQWBBS/D5HZQYwUJIMelNNr3/8zNCbqXzAfBgNVHSMEGDAWgBS/D5HZQYwUJIMe
+lNNr3/8zNCbqXzAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCW
+OtTFynKzASy55Xg8EHz0DvCGxZhQErzIy5H3koTW4cxPEvlIunn6gy7Zxjf4htoI
+5o3Y6x/U/PZpDQn+N3Oxh8I4TvxnH08lGpkkZWnmG89v6xenWGHUwUPYIIBAWEmE
+Xz3cRaRmbeAQin4R9nHrPa6XH9vIcnN2yLYJIqo4MsIO0/RaleLv9ZRNavUn0Ld4
+mXMdl5fCtJ+tYKWEX7pemW2+j+Fox4vyVsNFwWNXQHFzI4xtVnMq4YON5K/sgnoM
+1maOzYFKVNqkNR3jn99j+3Vfv18P4V44/rl82In+GAev3v61z2dBZ+I3gVY7WlZv
+3tN41P1bk7dQHvEbB/+O
+-----END CERTIFICATE-----

scary-website/conf/server.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEuwIBADANBgkqhkiG9w0BAQEFAASCBKUwggShAgEAAoIBAQDXgW6fE8S0nhz0
+MITJBooO7hFj0q61zqc3AGc4OSzZWNoG+AT3HgPSypMK8V4V3CPI/LiYkPTZP0ct
+3/Njt5nCsd78iuTrczNyuIDXBzH3gRFpGrX3AisYlYXudtrmhbY0zkYAz1O1+pVX
+FthpoxEUXFDuAX9ZBVkIpUqhPAmrCdkgwfX3UxvCBeiJhOeXAy/a1PqF//WkQsh+
+ypPK+jyNasbG9l6QEpbUu2Aj+n/t74M4BfRy155BQchoK9qe7NYmtMgiLrYrFOXV
+emCNPONfSz3aYgmsVPT660tUInrjZvUZ1ePAiY6/vGJ+fKs7N33EXX0dKshuXFT5
+xbvvnJZ5AgMBAAECgf85OO0Y+U1SDjJ/Kq19ZlHBDYI3G+gqUeMPsX9JkpLu7LaA
+i5jjv34rjSnGQI8ESN56waKg2zOnUaEU1CCFni0ZOZ311rTq0nQgFzmdhZnd/1dW
+1Y3mg7WUTJH6M2DdoNywli3bDiqxHESXquVhCYvaKndhs8hwCM2BPFOp0OAmOQz6
+OG86Qlv19sciLL+lQihTi0JMOP0cfl69Z6+mOAQOvINZ/xN5ZAoCgIygPvb5710x
+id3VK80Nm9TPmPEby8QN8CgtTOSsYx7XXgzXzoQ4ogjCWUcUd7z7V2ebMrO79OHL
+eHIvmC14YAIJLeOfQjXvy2Aye7IIqFwdYdovLekCgYEA9kOd+VID/31MjUKBUqFr
+mQ7Ju+70K7KiQBEXTACmQDTEbM4vNyMQVH4V40lAkyFOaA7R1VzGaemy+J6wXPYs
+XRVe92UCCVGh37XiQgCiPE0/3Q8w1ah0FaSk9ef4w2DtQx4GXWbDbjpfjNJs8nbo
+Gb5qOYPA5SMI1vST724jSxUCgYEA4AaD0qD6YGFqd7RC7vql4KWkkDqzbsbElOUW
+InSY2lfmqBsqtwx6Ug0priKPAUwQtuUWPgKjYDb47xPKxxuByELXkdGEtjxEP9HQ
+eG9FSz7baeJEDyvxK3zqQVOpiKJiBXsFvMWFSJa7sJEMgynEF2+6So8//PPjmyQX
+3xEyJtUCgYAb0VmH707KTnIWRtvq5JcN7BC3rO9h/ES9rfCOwkgFWrCRhdzpgol2
+seNxEDY+KHX95SaozlkPX7m6wdo0Ng6e2SooEf3f5Zu+dIJBaGbrHuLG6s9eYy/x
+ve5wZKrCDzHd8gdQB6qtyeQ/OQnbfbkMJ2lCY/KnL4TxGyGW2z8bXQKBgFahTlKi
+G5Avu5skowmE9aZEh7maaY654ITvfbq/OeidOz3gm4kDkz2th2OmS4Sl5ITFW++I
+16K6P1M8ZRrPwUUuy+vAiMBr17ySJzqbVMF/QhvU+pqfVHiLqo6uio2itaMG6rYP
+77WdTGFABgWmngSuGO0CLi1kJqz0rSJ+pNUtAoGBAIjH7gNnjAcI5Hxh8E2ijHSB
+waztuXI6ahG9Vw6GpEH9/4V329Ws7vSYMdRbW8JTyAlGDs5AafP23JFWPSs7h3qT
+28+kbh2iE4LHClVHsgJgLfAviers7Rkun0VRi6qls2Olf25T8BF+0K1J90roveeY
+xEcmaiF33yXO+uLKxuNE
+-----END PRIVATE KEY-----

scary-website/docker-compose.yaml

@@ -0,0 +1,15 @@
+services:
+  nginx:
+    build:
+      context: .
+    ports:
+      - 80:80
+      - 443:443
+    environment:
+      - FLAG=IGCTF{rea11y-sCaRy-hUh!!}
+      - CHALLENGE_DOMAIN=inconspicuous-domain.ctf.infogroep.be
+    networks:
+      - app
+
+networks:
+  app: