Convert 100
If you need to convert something to Markdown, you can try our service: http://convert.nonameconctf2018.xyz
This challenge quickly illustrates a SSRF.
One of the first things I tried was to access localhost / 127.0.0.1
, but without success:
So I decided to try to do with 0.0.0.0
and it worked!
But I did not know what to look for, so I did the simple, a brute of directories:
So finally, I just did the ssrf asking for the file:
Capture the Flag , Server Side Request Forgery , Web , Writeup