What is North Korea hiding?
Entering the URL I faced with only a sentence:
“We, the Democratic People’s Republic of Korea, have developed a revolutionary new security standard. The West doesn’t stand a chance.”
That’s all? I took a look at the source code (ctrl+u) to see if something is hiding, and indeed I saw a hidden button and a simple script:
I clicked the button and it gave me the content of “http://problems.ctfx.io:7002/code” which was a message: “Nice try kiddo”.
Well, I took a look again at the first message: “…The West doesn’t stand a chance.”. What about the north? What if i”ll set the X-Forwarded-For to North Korea’s IP? X-Forwarded-For is the conventional way of identifying the originating IP address of the user connecting to the web server coming from either a HTTP proxy, load balancer.
Curl --header 'X-Forwarded-For: 126.96.36.199' -i http://problems.ctfx.io:7002/code -k -L
And the response came with the flag: