Writeup CTF 0x00sec Web - Exercise #6
Another day, another ctf challenge. This time we try no. 6.
The Challenge
This time, if we visit the page we are welcomed with an error message. That our IP is not on the whitelist. However, let’s start like we always do:
By inspecting the source code of the page.
And we instantly find our hint:
<!-- TODO: -->
<!-- * Test IP whitelisting security -->
The Attack
Well, we know that there is an IP Whitelisting in place. And that it might be flawed. But to be honest, I had no idea how to bypass this.
My initial idea was to abuse exercise 5 for this. As we know that it had an SSRF we could try to access the page of exercise 6 with it. But that sadly did not work out.
But Google is your friend and after googling for _ ip whitelisting bypass_ I found a nice article: https://www.sjoerdlangkemper.nl/2017/03/01/bypass-ip-block-with-x-forwarded-for-header/
That sounds nice. So our target is the X-Forwareded-For header.
And as 127.0.0.1 should never be blocked we have our exploit. So let’s curl the page and add the header with -H
curl -H "X-Forwarded-For: 127.0.0.1" https://exercise-6.0x00sec.dev/
And we see the page content and the flag!
Conclusion
Never give up against a firewall.