[ictf Feb 2021] My challenges
Two of my submitted challenges were used for ictf round 7, both of them web challenges. A brief overview of the challenges can be found in this post; the relevant files are available here.
Pathological liars (2021-02-21)
If at once you don’t solve a challenge, ask your parents to solve for you :D
- A link to a running version of the website, serving its own source code with access to the flag
A simple path traversal: trying to highlight a directory gives us a directory listing. Traversing up the directory tree, we see flag.txt in the listing of the parent directory, so we can just highlight that.
Simple Server Real Fun (2021-02-22)
Check out my new Redirect as a Service website!
- A link to the website, highlighting its own source code, with access to flag.txt
In general, we’ve got an ssrf vulnerability, with some filtering we need to bypass (we can’t immediately inject
We have 2 alternative solutions:
- Make the ssrf to a website you control serving a redirect to
- Bypass the localhost checks by using alternative IP encodings (as a single integer for example) or alternative IPs (like 0.0.0.0), bypass the flag check through a double url encoding (e.g.
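To show the defender's side of the second solution (integer and 0.0.0.0 host encodings, double url encoding of the path), here is an added example that is not part of the challenge's own code: a substring-based filter of the kind the bypasses defeat next to a version that normalises before comparing. The function names and the exact shape of the naive filter are my assumptions about the challenge's check.

```python
import ipaddress
import re
from urllib.parse import urlsplit, unquote

def naive_is_allowed(url: str) -> bool:
    """Filter in the spirit of the challenge: substring checks on the raw,
    undecoded URL. Assumption about the challenge's code, not a copy of it."""
    return ("localhost" not in url and "127.0.0.1" not in url
            and "flag" not in url)

def fully_decode(s: str, max_rounds: int = 5) -> str:
    """Percent-decode until the value stops changing (bounded), so a path
    encoded twice ('%2566' -> '%66' -> 'f') is checked in its final form."""
    for _ in range(max_rounds):
        decoded = unquote(s)
        if decoded == s:
            return s
        s = decoded
    return s

def parse_ip_literal(host: str):
    """Return an IP address object for dotted, IPv6 or plain-integer hosts,
    else None. The integer form ('2130706433' == 127.0.0.1) is accepted by
    many resolvers but rejected by ipaddress.ip_address(str), so map it here."""
    if re.fullmatch(r"\d+", host):
        try:
            return ipaddress.IPv4Address(int(host))
        except ValueError:  # out of 32-bit range
            return None
    try:
        return ipaddress.ip_address(host)
    except ValueError:  # a DNS name, not a literal
        return None

def hardened_is_allowed(url: str) -> bool:
    """Normalise first, compare second: reject local/internal hosts by their
    parsed address and reject the flag file by its fully decoded path."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host in ("", "localhost"):
        return False
    addr = parse_ip_literal(host)
    if addr is not None and (addr.is_loopback or addr.is_unspecified
                             or addr.is_private or addr.is_link_local):
        return False
    # Real deployments must also resolve DNS names and re-check the result
    # (a name can point at 127.0.0.1); omitted here to stay offline.
    return "flag" not in fully_decode(parts.path).lower()
```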