Hi there fellow hackers,
I am a part-time Cyber Security student. Recently I started to put focus on Bug Bounty Hunting CTFs so that I can start getting more experience. I am currently working through the Hacker101 CTFs and learning a lot.
I need help with resources or understanding about a challenge I am facing.
On the CTF challenge ‘GreyHatCon’ there is a ‘s3cr3t-4dm1n’ page found through the robots.txt file. This gives a 403 but when you fuzz for files after the secret admin file, you find .htaccess. the .htaccess file outputs that there is a deny all rule in place and only allows the 8.8.8.8 or 8.8.4.4 addresses. Here is the output:
Order Deny,Allow
Deny from all
Allow from 8.8.8.8
Allow from 8.8.4.4
I have tried a multitude of headers like X-Forwarded-For and Forwarded-For etc… but I have no success in passing the 403. I have many different techniques but I guess I don’t understand enough yet. Below is some of the basic information I feel may be relevant.
Apache 2.4.29
Nginx 1.15.8
Possible WAF = Nginx Generic, awselb/2.0
So now I wonder if someone on here has beaten this challenge before and can assist me, NOT by necessarily giving me the answer, but rather by pointing me in the right direction so that I can understand more of what I am up against so that I can formulate a bypass or understand how to exploit the defenses.
Any assistance would be appreciated. I would love to get in touch with someone more experienced in web hacking in order to learn.
Also, one last thing. There is an asset I discovered on the site that I thing could be exploited to my advantage but I am not sure. I found an empty php file ‘url.ctf.hacker101.com/test.php’, but is an empty script file something that can be exploited? I have not found anything on the subject but maybe someone with more experience can guide on how that kind of exploitation works.
Thank you kindly.