ig-ctf-solutions/write-ups-challenges-2024-2025
3
0
Fork 0
Code Issues Actions Packages Projects Releases Wiki Activity
main
write-ups-challenges-2024-2025/traffic-jam/SOLUTION.md
Abel Stuker 9272d086ca feat: add traffic-jam challenge
2024-11-25 22:33:53 +01:00

831 B
Raw Permalink Blame History

Difficulty

Medium

Category

Web

How to solve

The description hints that a load balancer might have something to do with this challenge. When visiting the challenge, a 404 page is returned. This is the return page used by traefik. Although there isn't any mention of traefik on the 404 page, the load balancer hint and the name "traffic jam" should enough to realise that traefik is used here.

Traefik has a dashboard page which, if enabled, can be accessed through /dashboard/. When visiting the dashboard, a lot of routes can be seen. Using traefik's API, which is also publically exposed, we can enumerate all of the routes. Only one route returns a successful response, which contains the flag.

A python script that solves the challenge can be found here.

Flag

IGCTF{tra3fik-ftw!}