Challenge Category: Web
Challenge Points: 500
Who sent you here?!
whereyoufrom.nypinfosec.com
When we send a HTTP request, we get a static HTML website with no clues.
curl https://whereyoufrom.nypinfosec.com<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<title>Document</title>
</head>
<body>
Index
</body>
</html>Some websites include a sitemap.xml or sitemap.json or a .well-known/security.txt endpoint.
$ curl https://whereyoufrom.nypinfosec.com/sitemap.xml
$ curl https://whereyoufrom.nypinfosec.com/sitemap.json
$ curl https://whereyoufrom.nypinfosec.com/.well-known/security.txt<!DOCTYPE html>
<html lang="en">
<title>404 Not Found</title>
<h1>Not Found</h1>
<p>
The requested URL was not found on the server. If you entered the URL
manually please check your spelling and try again.
</p>
</html>Since we have no other clues from previous attempts, we can run dirbuster to enumerate all common endpoints to see if we find anything.
$ dirbuster -H -u https://whereyoufrom.nypinfosec.com -l /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -e "" -g -vType Found Response Size
Dir / 200 817
File /flag 200 864
File /console 200 2205
- We know it is something to do with the HTTP Referer header as clued in the challenge description.
- We know the challenge resides in the
/flagendpoint as found by Dirbuster.
$ curl -e http://abc.com https://whereyoufrom.nypinfosec.com/flag<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<title>Document</title>
</head>
<body>
Welcome! I see, http://abc.com has recommended you to us! Here's your
initiation! <br />
NYP{3z_r3fer3r}
</body>
</html>- Let's cleanup the output a little bit.
$ curl -s -e http://abc.com https://whereyoufrom.nypinfosec.com/flag | grep -o "NYP{.*}"NYP{3z_r3fer3r}