[CTF(x) 2016 : WEB] north korea – 50 pts Writeup

Standard

Description:
What is North Korea hiding?
http://problems.ctfx.io:7002/

Entering the URL I faced with only a sentence:
“We, the Democratic People’s Republic of Korea, have developed a revolutionary new security standard. The West doesn’t stand a chance.”

That’s all? I took a look at the source code (ctrl+u) to see if something is hiding, and indeed I saw a hidden button and a simple script:

I clicked the button and it gave me the content of “http://problems.ctfx.io:7002/code” which was a message: “Nice try kiddo”.
Well, I took a look again at the first message: “…The West doesn’t stand a chance.”. What about the north? What if i”ll set the X-Forwarded-For to North Korea’s IP? X-Forwarded-For is the conventional way of identifying the originating IP address of the user connecting to the web server coming from either a HTTP proxy, load balancer.

And the response came with the flag:
ctf(jk_we_aint_got_n0_nuk35)

megabeets_inline_logoEat Veggies.

Share

Leave a Reply

Your email address will not be published. Required fields are marked *