Want to host this Docker container locally?

docker run -d -p 9021:80 -p 9022:22 --network flag-red25-net --cap-add=NET_ADMIN --restart always --name Flag_red25 joshbeck2024/ctf-403-bypass-flag-red25

WEBPAGE: 172.25.200.200:9021

SSH Server: 172.25.200.200:9022

Points: 90

Walkthrough:

You are initially greeted with a webpage that contains a strong hint that we should fuzz the website using raft-small-words.txt.

Download the raft-small-words.txt wordlist and fuzz the website.

wget https://raw.githubusercontent.com/danielmiessler/SecLists/refs/heads/master/Discovery/Web-Content/raft-small-words.txt
ffuf -u http://172.25.200.200:9021/FUZZ -w raft-small-words.txt

Files that start with a dot (.) can generally be ignored.

The protected folder does stand out: it throws a 403 Forbidden error when we attempt to access it.

There are wordlists that add header information to the web request in an attempt to trick the web server into thinking the request is coming from the IP address 127.0.0.1, which may well be authorized to access this endpoint.
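Why this trick works, seen from the server side, and how the check is fixed: the sketch below is an added example, not code from this challenge's container. It assumes the header in play is X-Forwarded-For; the function names, the proxy address 10.0.0.5 and the sample requests are constructed for illustration.

```python
import ipaddress

# Assumption: the one reverse proxy allowed to set X-Forwarded-For (constructed address).
TRUSTED_PROXIES = {ipaddress.ip_address("10.0.0.5")}

def client_ip_vulnerable(peer_ip, headers):
    """Believes whatever the request says about its own origin."""
    forwarded = headers.get("X-Forwarded-For")
    return forwarded.split(",")[0].strip() if forwarded else peer_ip

def client_ip_hardened(peer_ip, headers):
    """Starts from the TCP peer address. X-Forwarded-For is read only when the
    peer is a trusted proxy, right to left, stopping at the first untrusted hop."""
    if ipaddress.ip_address(peer_ip) not in TRUSTED_PROXIES:
        return peer_ip
    hops = [h.strip() for h in headers.get("X-Forwarded-For", "").split(",")]
    for hop in reversed([h for h in hops if h]):
        try:
            if ipaddress.ip_address(hop) not in TRUSTED_PROXIES:
                return hop
        except ValueError:
            break  # malformed entry: stop trusting the header
    return peer_ip

def status_for(resolve, peer_ip, headers):
    """Status a loopback-only endpoint returns under the given IP resolver."""
    try:
        allowed = ipaddress.ip_address(resolve(peer_ip, headers)).is_loopback
    except ValueError:
        allowed = False
    return 200 if allowed else 403

# Constructed requests: (TCP peer address, headers as received by the application).
SAMPLES = [
    ("203.0.113.7", {"X-Forwarded-For": "127.0.0.1"}),              # direct, spoofed
    ("10.0.0.5", {"X-Forwarded-For": "127.0.0.1, 203.0.113.7"}),    # via proxy, spoofed
    ("127.0.0.1", {}),                                              # genuine local request
]

def compare():
    """Return (vulnerable_status, hardened_status) for each sample."""
    return [(status_for(client_ip_vulnerable, p, h),
             status_for(client_ip_hardened, p, h)) for p, h in SAMPLES]

if __name__ == "__main__":
    print(compare())
```

The hardened resolver still admits a genuine loopback connection, so an access rule written this way keeps working for local administration while ignoring origin claims made by the client.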

The wordlist below is a good one to try: