Level 6 – Hackoween II #ZomatoCTF

Do Not Serve

This was a simple SSRF level.

A link is given which shows a 403 Forbidden page. As the description on the page says, it can be accessed internally.

A form is given to load any URL.

Entered the link to flag.txt as it is.

Tried local IP

Tried the local IP's sister

Tried the local IP's mum

Tried the redirection

And the server did not like b99 either.

Tried an SSRF bypass trick

It worked! Gave a link that had the code.

Entered the code in the form and got the flag.
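
The defensive counterpart to a URL filter like the one in this level, added here as an example (not code from the CTF or from the original post): it judges a URL by the addresses its host resolves to and re-checks every redirect hop. The host names, addresses and the `redirects` mapping are constructed sample data, and all function names are hypothetical.

```python
import ipaddress
import socket
from urllib.parse import urljoin, urlsplit

def os_resolver(host):
    """Every address the OS resolver returns for host."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}

def is_public(addr):
    ip = ipaddress.ip_address(addr.split("%")[0])  # drop any IPv6 zone id
    if ip.version == 6 and ip.ipv4_mapped:         # ::ffff:a.b.c.d -> a.b.c.d
        ip = ip.ipv4_mapped
    return ip.is_global  # False for loopback, private, link-local, reserved

def url_allowed(url, resolver=os_resolver):
    """Judge a URL by the addresses its host resolves to, not by its spelling."""
    try:
        parts = urlsplit(url)
        if parts.scheme not in ("http", "https") or not parts.hostname:
            return False
        addrs = resolver(parts.hostname)
        return bool(addrs) and all(is_public(a) for a in addrs)
    except (OSError, ValueError):  # malformed URL, unresolvable host, bad address
        return False

def follow(url, redirects, resolver=os_resolver, max_hops=3):
    """Re-check every redirect hop; return the final URL, or None if refused.
    `redirects` (URL -> Location header) stands in for real HTTP responses."""
    for _ in range(max_hops + 1):
        if not url_allowed(url, resolver):
            return None
        if url not in redirects:
            return url
        url = urljoin(url, redirects[url])
    return None  # too many redirects

# Constructed sample data: hypothetical hosts and addresses, no network needed.
SAMPLE_DNS = {
    "public.example": {"93.184.216.34"},
    "redirector.example": {"93.184.216.34"},
    "internal.example": {"10.0.0.5"},
    "mixed.example": {"93.184.216.34", "127.0.0.1"},
}
SAMPLE_REDIRECTS = {"http://redirector.example/go": "http://internal.example/flag.txt"}

def sample_resolver(host):
    """Offline stand-in for DNS; an unknown name is returned as a literal."""
    return SAMPLE_DNS.get(host, {host})
```

In a real fetcher, the connection must go to the address that was validated, so that a second DNS lookup cannot return a different one.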
