daffainfo
/
ctf-writeup
mirror of https://github.com/daffainfo/ctf-writeup.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
ctf-writeup/IncognitoCTF 2023/get flag 1
History
Muhammad Daffa f5b9ccfca0 feat: added Incognito CTF 2023 2023-02-19 12:15:29 +07:00
..
images feat: added Incognito CTF 2023 2023-02-19 12:15:29 +07:00
README.md feat: added Incognito CTF 2023 2023-02-19 12:15:29 +07:00

README.md

get flag 1

-

About the Challenge

We are given a website and we need to get the flag on port 9001

preview

How to Solve?

I solve this chall by using SSRF (Server-Side Request Forgery) vulnerability to retrieve the flag on port 9001. But there is some filter, for example i can't use http://127.0.0.1 payload. To bypass the filter, im using http://0.0.0.0 payload and then i can get the flag by accessing

http://45.79.210.216:5000/getUrl?url=http://127.0.0.1:9001/flag.txt

And then you will retrieve the flag

ictf{l0c4l_byp4$$_323theu0a9}