Jan 17, 2024, 02:21 AM
The purpose of the website is described as a simple proxy that redirects to a specific URL, similar to the ProxyAsService challenge. The challenge involves accessing a flag stored in a flag.txt file, accessible via the /secret path, but requires the request to be made from the machine's localhost (127.0.0.1).
The exploitation strategy involves two options: try to bypass the remote address verification in the /secret path or call the /secret path through the main / path to make the machine "request itself" through the proxy. The second option is chosen for exploitation. However, the SafeURL() function is identified as a protection mechanism, and to bypass it, the user uses a URL shortener to send a link that redirects to the local /secret path, thus bypassing SafeURL() protection and obtaining access to the flag.
Here I provide you with the Flag and a URL where you can find the resolution of the machine in case you want to do it yourself.
Challenge: https://app.hackthebox.com/challenges/saturn
Writeup: https://medium.com/@reinhardt.pwn/hackth...ae1fe72be9
Flag: HTB{Expl01t1ng_ssrfs_f0r_fun}
The exploitation strategy involves two options: try to bypass the remote address verification in the /secret path or call the /secret path through the main / path to make the machine "request itself" through the proxy. The second option is chosen for exploitation. However, the SafeURL() function is identified as a protection mechanism, and to bypass it, the user uses a URL shortener to send a link that redirects to the local /secret path, thus bypassing SafeURL() protection and obtaining access to the flag.
Here I provide you with the Flag and a URL where you can find the resolution of the machine in case you want to do it yourself.
Challenge: https://app.hackthebox.com/challenges/saturn
Writeup: https://medium.com/@reinhardt.pwn/hackth...ae1fe72be9
Flag: HTB{Expl01t1ng_ssrfs_f0r_fun}
