Finally completed it too. I got no clue how that is an Easy level, unless I’m missing something crucial.
This one’s kicking my rear. I have an idea of what I should be trying to do (I think), I just don’t know how to actually do it.
Update: Got the flag! I learned about an EXCESSively cool type of attack and techniques I hadn’t seen before on the way. I concur with kavigihan; once I’d read up on the vulnerability class, exploitation was super straightforward but I sunk two days into this challenge fumbling around before that.
I had some trouble with the docker provided with this chall. There is a missing lib so puppeteer won’t work and the form to submit url won’t work either.
I had to
$ apt-get install libxshmfence1
in the docker to get everything working properly.
Or you can fix it in the Dockerfile.
The version of puppeteer is outdated and I got this error when I tried to launch puppeteer in the docker:
/app/node_modules/puppeteer/lib/cjs/puppeteer/node/BrowserRunner.js:197
reject(new Error([
^
Error: Failed to launch the browser process!
/app/node_modules/puppeteer/.local-chromium/linux-901912/chrome-linux/chrome: error while loading shared libraries: libxshmfence.so.1: cannot open shared object file: No such file or directory
Hope it helps
Nice chall btw
Is it possible to solve this challenge without hosting my own web page?
If you have a router and can configure it, you can use port forwarding to send traffic to a specific port and host a webpage with python -m http.server.
Any hints for obtaining the web flag?
I’ve been looking at this for some hours, poked at the only obvious vector.
I can do one thing and another thing, but failed when I tried to chain them together. I saw many people here talking about CORS but I’m not sure if that’s applicable in that case - if I can do them individually then why can’t I do them combined? Any help would be appreciated.
P.S. I’m not sure if the docker image has changed, but I have to manually add
libxshmfence1 libglu1 to the list of packages installed for puppeteer to work.
Do I have to pay for the pro version to solve this challenge?
There is a landing page and puppeteer actually needs to click it.
No, ngrok is just a tunnel; to host a page or get requests or anything I just use the python simple http server.
So use ngrok to tunnel traffic to say port 8080, then use “python -m http.server 8080” and then any traffic that goes to the link ngrok gives you is directed to your http server.
I don’t get it… I used ngrok to redirect to my local environment, and then when I put the ngrok URL in the submit I don’t receive any HTTP request from the page. BUT when I used a webhook recently created I received an HTTP request.
I’m doing something wrong, or the ngrok does not apply for this challenge?
Any help will be appreciated.
Since some time in the past, ngrok will display a landing page before loading any content from user as a misuse prevention measure. That’s documented on their website. This means that it cannot be used to solve this challenge unless you pay.
I can accept DMs.
Might be good to report as challenge feedback and set as a disclaimer when attempting the challenge.
localtunnel also has the same issue. Although if there is any workaround for the solution it would be good to know.
Tunnelmole is a good alternative to ngrok, simple usage and it’s working with this challenge.
This one is not really easy; the difficulty difference between easy challenges is insane.
Indeed Tunnelmole works. Thanks for the tip, although you’re also right that this challenge is not quite easy, I will rank it a mid level (even hard) if you don’t have good understanding of web.
Finally, I got the flag, this sheeeyt not easy at all, dunno why they rank it as an easy challenge LOL
Use ngrok with hosted webpage on apache2/nginx or you can simply use python3 web server, all works fine to me.
I use PipeDream free tier for all these sorts of “I need an external host” things and they work great. You can send arbitrary payloads back against arbitrary URLs and even do logic.