picoCTF
ctf lesgo
Web Exploitation
Crack The Gate 2
The login system has been upgraded with a basic rate-limiting mechanism that locks out repeated failed attempts from the same source. We've received a tip that the system might still trust user-controlled headers. Your objective is to bypass the rate-limiting restriction and log in using the known email address: [email protected] and uncover the hidden secret.
Hints
The hints given in this challenge are:
- What IP does the server think you’re coming from?
- Read more about X-Forwarded-For
- You can rotate fake IPs to bypass rate limits.
So what is it about?
We know the page limits login attempts: after a few invalid passwords the server locks out our source address and refuses further tries. The catch is in how it decides what our "source" is. The challenge description says it may trust user-controlled headers, so the address it locks out is one we get to choose.
What is X-Forwarded-For?
X-Forwarded-For (XFF) is an HTTP header that reverse proxies and load balancers add to record the IP address of the client whose request they forwarded. Because it is just a request header, a client can also set it to anything it likes. If the server reads its rate-limit key from XFF instead of the TCP peer address, the client picks which "IP" gets locked out. In other words, spoofing. In the real world the header is only trustworthy when the server knows the request arrived through its own proxy and takes the value that proxy appended rather than the first one; in this challenge the server believes whatever we send, so we can ignore that.
Solution
In this challenge I used Burp Suite and sent the login request to Intruder to automate the attack.
Two payload positions are needed: the value of the X-Forwarded-For header and the password field. Pairing the two lists (Intruder's Pitchfork attack type) means every password is tried from a different fake IP, so the server never sees enough failures from one address to lock it out.
- A list of fake IPs for the X-Forwarded-For header (any random IP generator will do)
- The list of passwords given with the challenge
Then we can start the attack:
All failed attempts return the same page, so the one response with a different length marks the password that got us past the login. Log in with that password and grab the flag!
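To make both the header weakness and the Intruder procedure concrete, here is an added example (not from the original writeup or from picoCTF): an in-process model of a login endpoint whose rate limiter keys on X-Forwarded-For, beside a hardened variant, and the rotating-IP password spray that Burp's Pitchfork attack automates above. The lockout threshold, trusted-proxy address, e-mail, password list and flag are all constructed placeholders, and the success test is the same response-length heuristic the writeup uses.

```python
"""Added example, not from the original writeup or picoCTF: a login endpoint whose
rate limiter trusts X-Forwarded-For, a hardened variant, and the rotating-IP spray.
Lockout threshold, trusted proxy, e-mail, wordlist and flag are constructed."""
import random
from collections import Counter
from dataclasses import dataclass, field

LOCKOUT_AFTER = 3                     # failed attempts per source before lockout (assumed)
TARGET_EMAIL = "user@example.com"     # placeholder for the address the challenge gives
CORRECT_PASSWORD = "letmein2024"      # constructed
FLAG = "picoCTF{example_flag}"        # constructed placeholder, not the real flag
TRUSTED_PROXIES = {"10.0.0.2"}        # the only hop allowed to speak for clients (assumed)


@dataclass
class LoginServer:
    # trust_xff=True reproduces the weakness the challenge describes;
    # trust_xff=False is the hardened behaviour.
    trust_xff: bool
    failures: dict = field(default_factory=dict)

    def client_ip(self, peer_ip, headers):
        xff = headers.get("X-Forwarded-For")
        if self.trust_xff and xff:
            # Vulnerable: the leftmost hop is whatever the client wrote.
            return xff.split(",")[0].strip()
        if xff and peer_ip in TRUSTED_PROXIES:
            # Hardened: believe only the value our own proxy appended (rightmost).
            return xff.split(",")[-1].strip()
        # Otherwise the TCP peer is the only address we can trust.
        return peer_ip

    def login(self, peer_ip, headers, email, password):
        ip = self.client_ip(peer_ip, headers)
        if self.failures.get(ip, 0) >= LOCKOUT_AFTER:
            return 429, "Too many failed attempts. Try again later."
        if email == TARGET_EMAIL and password == CORRECT_PASSWORD:
            self.failures.pop(ip, None)
            return 200, f"Welcome back! Secret: {FLAG}"
        self.failures[ip] = self.failures.get(ip, 0) + 1
        return 401, "Invalid credentials"


PASSWORDS = ["password", "123456", "qwerty", "letmein", "admin",
             "letmein2024", "welcome1", "summer2024"]   # constructed wordlist


def random_ipv4(rng):
    """A fake dotted-quad for the X-Forwarded-For payload, like a random IP generator."""
    return ".".join(str(rng.randint(1, 254)) for _ in range(4))


def spray(server, passwords, rotate_ip, peer_ip="203.0.113.7", seed=1):
    """Try every password once from the same real peer; with rotate_ip each request
    carries a fresh fake X-Forwarded-For (Pitchfork pairing of the two payload lists).
    Returns the password whose response length stands out, or None."""
    rng = random.Random(seed)
    results = []
    for pw in passwords:
        headers = {"X-Forwarded-For": random_ipv4(rng)} if rotate_ip else {}
        status, body = server.login(peer_ip, headers, TARGET_EMAIL, pw)
        results.append((pw, status, len(body)))
    # The writeup's heuristic: failures share one length, the hit is the odd one out.
    counts = Counter(length for _, _, length in results)
    hits = [pw for pw, _, length in results if counts[length] == 1]
    return hits[0] if len(hits) == 1 else None


if __name__ == "__main__":
    print("same IP, vulnerable server :", spray(LoginServer(True), PASSWORDS, rotate_ip=False))
    print("rotating XFF, vulnerable   :", spray(LoginServer(True), PASSWORDS, rotate_ip=True))
    print("rotating XFF, hardened     :", spray(LoginServer(False), PASSWORDS, rotate_ip=True))
```

Without rotation the vulnerable server locks the peer after three failures and every later response, including the correct password, is the same 429 page, so no length stands out. With a fresh X-Forwarded-For per request each attempt counts against a different address and the single 200 response is the outlier. Against the hardened server, rotation changes nothing because the header is ignored unless the request came from the trusted proxy.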