feat: add scary-website challenge
This commit is contained in:
Abel Stuker
parent
5991f63f5d
commit
10ffb1563e
5
scary-website/Dockerfile
Normal file
5
scary-website/Dockerfile
Normal file
@ -0,0 +1,5 @@
|
|||||||
|
FROM nginx
|
||||||
|
|
||||||
|
COPY ./conf/nginx.conf /etc/nginx/templates/default.conf.template
|
||||||
|
COPY ./conf/server.cert /etc/nginx/server.cert
|
||||||
|
COPY ./conf/server.key /etc/nginx/server.key
|
||||||
17
scary-website/README.md
Normal file
17
scary-website/README.md
Normal file
@ -0,0 +1,17 @@
|
|||||||
|
# Scary website
|
||||||
|
|
||||||
|
## Text
|
||||||
|
|
||||||
|
I randomly came across this website yesterday and I think it has been hacked.!
|
||||||
|
My browser says something scary about attackers that could steal my data...
|
||||||
|
I don't want my data to get stolen so I immidiately closed the window of course.
|
||||||
|
|
||||||
|
Maybe you can take a look at it? But be careful!
|
||||||
|
|
||||||
|
## Files
|
||||||
|
|
||||||
|
none
|
||||||
|
|
||||||
|
## How to deploy
|
||||||
|
|
||||||
|
N.A.
|
||||||
20
scary-website/SOLUTION.md
Normal file
20
scary-website/SOLUTION.md
Normal file
@ -0,0 +1,20 @@
|
|||||||
|
## Difficulty
|
||||||
|
|
||||||
|
Easy
|
||||||
|
|
||||||
|
## Category
|
||||||
|
|
||||||
|
Web
|
||||||
|
|
||||||
|
## How to solve
|
||||||
|
|
||||||
|
Visiting the challenge IP gives a certificate error. Skipping the warning brings us to a page that does not contain the flag.
|
||||||
|
When you analyze the wrong certificate, you can see that it was issued for the domain inconspicuous-domain.ctf.infogroep.be.
|
||||||
|
|
||||||
|
Visiting this domain gives you the flag.
|
||||||
|
|
||||||
|
## Flag
|
||||||
|
|
||||||
|
```
|
||||||
|
IGCTF{rea11y-sCaRy-hUh!!}
|
||||||
|
```
|
||||||
33
scary-website/conf/nginx.conf
Normal file
33
scary-website/conf/nginx.conf
Normal file
@ -0,0 +1,33 @@
|
|||||||
|
|
||||||
|
server {
|
||||||
|
listen 80;
|
||||||
|
|
||||||
|
server_name _;
|
||||||
|
|
||||||
|
return 302 https://$host$request_uri;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
server {
|
||||||
|
listen 443 ssl;
|
||||||
|
server_name "${CHALLENGE_DOMAIN}";
|
||||||
|
ssl_certificate /etc/nginx/server.cert;
|
||||||
|
ssl_certificate_key /etc/nginx/server.key;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
return 200 "${FLAG}";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
listen 443 ssl default_server;
|
||||||
|
server_name _;
|
||||||
|
|
||||||
|
ssl_certificate /etc/nginx/server.cert;
|
||||||
|
ssl_certificate_key /etc/nginx/server.key;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
return 200 'sorry, not here';
|
||||||
|
add_header Content-Type text/plain;
|
||||||
|
}
|
||||||
|
}
|
||||||
22
scary-website/conf/server.cert
Normal file
22
scary-website/conf/server.cert
Normal file
@ -0,0 +1,22 @@
|
|||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIDmzCCAoOgAwIBAgIUH1eayQJK1vjpc1hzQQcMGW2NmYswDQYJKoZIhvcNAQEL
|
||||||
|
BQAwXTELMAkGA1UEBhMCQkUxETAPBgNVBAgMCEJydXNzZWxzMRIwEAYDVQQKDAlJ
|
||||||
|
bmZvZ3JvZXAxJzAlBgNVBAMMHjkxLjEzNC41NS4xNzkuY3RmLmluZm9ncm9lcC5i
|
||||||
|
ZTAeFw0yNDExMTkxNjA1NDZaFw0yNDEyMTkxNjA1NDZaMF0xCzAJBgNVBAYTAkJF
|
||||||
|
MREwDwYDVQQIDAhCcnVzc2VsczESMBAGA1UECgwJSW5mb2dyb2VwMScwJQYDVQQD
|
||||||
|
DB45MS4xMzQuNTUuMTc5LmN0Zi5pbmZvZ3JvZXAuYmUwggEiMA0GCSqGSIb3DQEB
|
||||||
|
AQUAA4IBDwAwggEKAoIBAQDXgW6fE8S0nhz0MITJBooO7hFj0q61zqc3AGc4OSzZ
|
||||||
|
WNoG+AT3HgPSypMK8V4V3CPI/LiYkPTZP0ct3/Njt5nCsd78iuTrczNyuIDXBzH3
|
||||||
|
gRFpGrX3AisYlYXudtrmhbY0zkYAz1O1+pVXFthpoxEUXFDuAX9ZBVkIpUqhPAmr
|
||||||
|
CdkgwfX3UxvCBeiJhOeXAy/a1PqF//WkQsh+ypPK+jyNasbG9l6QEpbUu2Aj+n/t
|
||||||
|
74M4BfRy155BQchoK9qe7NYmtMgiLrYrFOXVemCNPONfSz3aYgmsVPT660tUInrj
|
||||||
|
ZvUZ1ePAiY6/vGJ+fKs7N33EXX0dKshuXFT5xbvvnJZ5AgMBAAGjUzBRMB0GA1Ud
|
||||||
|
DgQWBBS/D5HZQYwUJIMelNNr3/8zNCbqXzAfBgNVHSMEGDAWgBS/D5HZQYwUJIMe
|
||||||
|
lNNr3/8zNCbqXzAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCW
|
||||||
|
OtTFynKzASy55Xg8EHz0DvCGxZhQErzIy5H3koTW4cxPEvlIunn6gy7Zxjf4htoI
|
||||||
|
5o3Y6x/U/PZpDQn+N3Oxh8I4TvxnH08lGpkkZWnmG89v6xenWGHUwUPYIIBAWEmE
|
||||||
|
Xz3cRaRmbeAQin4R9nHrPa6XH9vIcnN2yLYJIqo4MsIO0/RaleLv9ZRNavUn0Ld4
|
||||||
|
mXMdl5fCtJ+tYKWEX7pemW2+j+Fox4vyVsNFwWNXQHFzI4xtVnMq4YON5K/sgnoM
|
||||||
|
1maOzYFKVNqkNR3jn99j+3Vfv18P4V44/rl82In+GAev3v61z2dBZ+I3gVY7WlZv
|
||||||
|
3tN41P1bk7dQHvEbB/+O
|
||||||
|
-----END CERTIFICATE-----
|
||||||
28
scary-website/conf/server.key
Normal file
28
scary-website/conf/server.key
Normal file
@ -0,0 +1,28 @@
|
|||||||
|
-----BEGIN PRIVATE KEY-----
|
||||||
|
MIIEuwIBADANBgkqhkiG9w0BAQEFAASCBKUwggShAgEAAoIBAQDXgW6fE8S0nhz0
|
||||||
|
MITJBooO7hFj0q61zqc3AGc4OSzZWNoG+AT3HgPSypMK8V4V3CPI/LiYkPTZP0ct
|
||||||
|
3/Njt5nCsd78iuTrczNyuIDXBzH3gRFpGrX3AisYlYXudtrmhbY0zkYAz1O1+pVX
|
||||||
|
FthpoxEUXFDuAX9ZBVkIpUqhPAmrCdkgwfX3UxvCBeiJhOeXAy/a1PqF//WkQsh+
|
||||||
|
ypPK+jyNasbG9l6QEpbUu2Aj+n/t74M4BfRy155BQchoK9qe7NYmtMgiLrYrFOXV
|
||||||
|
emCNPONfSz3aYgmsVPT660tUInrjZvUZ1ePAiY6/vGJ+fKs7N33EXX0dKshuXFT5
|
||||||
|
xbvvnJZ5AgMBAAECgf85OO0Y+U1SDjJ/Kq19ZlHBDYI3G+gqUeMPsX9JkpLu7LaA
|
||||||
|
i5jjv34rjSnGQI8ESN56waKg2zOnUaEU1CCFni0ZOZ311rTq0nQgFzmdhZnd/1dW
|
||||||
|
1Y3mg7WUTJH6M2DdoNywli3bDiqxHESXquVhCYvaKndhs8hwCM2BPFOp0OAmOQz6
|
||||||
|
OG86Qlv19sciLL+lQihTi0JMOP0cfl69Z6+mOAQOvINZ/xN5ZAoCgIygPvb5710x
|
||||||
|
id3VK80Nm9TPmPEby8QN8CgtTOSsYx7XXgzXzoQ4ogjCWUcUd7z7V2ebMrO79OHL
|
||||||
|
eHIvmC14YAIJLeOfQjXvy2Aye7IIqFwdYdovLekCgYEA9kOd+VID/31MjUKBUqFr
|
||||||
|
mQ7Ju+70K7KiQBEXTACmQDTEbM4vNyMQVH4V40lAkyFOaA7R1VzGaemy+J6wXPYs
|
||||||
|
XRVe92UCCVGh37XiQgCiPE0/3Q8w1ah0FaSk9ef4w2DtQx4GXWbDbjpfjNJs8nbo
|
||||||
|
Gb5qOYPA5SMI1vST724jSxUCgYEA4AaD0qD6YGFqd7RC7vql4KWkkDqzbsbElOUW
|
||||||
|
InSY2lfmqBsqtwx6Ug0priKPAUwQtuUWPgKjYDb47xPKxxuByELXkdGEtjxEP9HQ
|
||||||
|
eG9FSz7baeJEDyvxK3zqQVOpiKJiBXsFvMWFSJa7sJEMgynEF2+6So8//PPjmyQX
|
||||||
|
3xEyJtUCgYAb0VmH707KTnIWRtvq5JcN7BC3rO9h/ES9rfCOwkgFWrCRhdzpgol2
|
||||||
|
seNxEDY+KHX95SaozlkPX7m6wdo0Ng6e2SooEf3f5Zu+dIJBaGbrHuLG6s9eYy/x
|
||||||
|
ve5wZKrCDzHd8gdQB6qtyeQ/OQnbfbkMJ2lCY/KnL4TxGyGW2z8bXQKBgFahTlKi
|
||||||
|
G5Avu5skowmE9aZEh7maaY654ITvfbq/OeidOz3gm4kDkz2th2OmS4Sl5ITFW++I
|
||||||
|
16K6P1M8ZRrPwUUuy+vAiMBr17ySJzqbVMF/QhvU+pqfVHiLqo6uio2itaMG6rYP
|
||||||
|
77WdTGFABgWmngSuGO0CLi1kJqz0rSJ+pNUtAoGBAIjH7gNnjAcI5Hxh8E2ijHSB
|
||||||
|
waztuXI6ahG9Vw6GpEH9/4V329Ws7vSYMdRbW8JTyAlGDs5AafP23JFWPSs7h3qT
|
||||||
|
28+kbh2iE4LHClVHsgJgLfAviers7Rkun0VRi6qls2Olf25T8BF+0K1J90roveeY
|
||||||
|
xEcmaiF33yXO+uLKxuNE
|
||||||
|
-----END PRIVATE KEY-----
|
||||||
15
scary-website/docker-compose.yaml
Normal file
15
scary-website/docker-compose.yaml
Normal file
@ -0,0 +1,15 @@
|
|||||||
|
services:
|
||||||
|
nginx:
|
||||||
|
build:
|
||||||
|
context: .
|
||||||
|
ports:
|
||||||
|
- 80:80
|
||||||
|
- 443:443
|
||||||
|
environment:
|
||||||
|
- FLAG=IGCTF{rea11y-sCaRy-hUh!!}
|
||||||
|
- CHALLENGE_DOMAIN=inconspicuous-domain.ctf.infogroep.be
|
||||||
|
networks:
|
||||||
|
- app
|
||||||
|
|
||||||
|
networks:
|
||||||
|
app:
|
||||||
Loading…
Reference in New Issue
Block a user