I guess monitoring the server doesn't cause any harm... right?
- To open the challenge, you need to paste all 3 flags in the correct order.
- After getting the IP, do not share it with other players.
- The box might go down due to severe load. In that case we might add a new box or instance.
- Do not share the flag.
- Do not harm the box or the testing environment by installing something!
- If you want to reset the box, drop a mail at [email protected] along with your username.
- Do not delete any files that are pre-loaded in the system.
- Even though it's an AWS instance, you cannot get aws-metadata, IAM, or security details. If you somehow get them, please do drop me a mail along with the POC.
- Start with the following piece of code.
<html>
<!-- CSRF POC -- Generated By @dark_haxor -->
<body>
<script>history.pushState('', '', '/')</script>
<form action="https://ctf.sudoflaws.in/ip_giver.php" method="POST">
<input type="hidden" name="fname1" value="sudoflaws{Flag of challenge SpaceWhite}" />
<input type="hidden" name="fname2" value="sudoflaws{Flag of challenge Kennywizard}" />
<input type="hidden" name="fname3" value="sudoflaws{Flag of challenge AlienTech}" />
<!-- No spaces in between flags ..please do eliminate those spaces -->
<input type="submit" value="Submit request" />
</form>
</body>
</html>
https://twitter.com/dark_haxor