TYS 0x06 - willItBounce
The goal of this challenge is to find a way to send a specific input from your host to the “Hidden Service” inside the container (as illustrated by the red arrow) - without changing the docker run command (build and run it exactly the way as shown below) or any of the scripts/files provided.
Study the output of the container carefully - it provides you with very relevant information for this TYS. You are also welcome to read the source code of the scripts contained in the tarball - but don’t change anything!
e-axe@little0ne:~/TYS/willItBounce# docker build -t ftpd . ... e-axe@little0ne:~/TYS/willItBounce# docker run --rm --name ftpd -p 2121:2121 ftpd Username: admin Container local service starting: Listening on [127.0.0.1] (family 0, port 1051) [I 2019-08-02 09:57:49] >>> starting FTP server on 172.17.0.2:2121, pid=15 <<< [I 2019-08-02 09:57:49] concurrency model: async [I 2019-08-02 09:57:49] masquerade (NAT) address: None [I 2019-08-02 09:57:49] passive ports: None Expected value (NTAwODI2Mgo=) not found yet... Expected value (NTAwODI2Mgo=) not found yet... ...
Download tys_0x06_willItBounce.tar.xz and get started!
Have fun hunting, feel free to post your approach / write-up and let me know if you have any questions, feedback or general comments in the respective twitter thread over here:
Verify the files you download with:
md5sum 4966bdcc24bf691d2a12e9c3b02229cf cdn/tys/tys_0x06_willItBounce.tar.xz sha1sum bf4db2d0e7ea78e1f1f90e4acf759f610cd58efa cdn/tys/tys_0x06_willItBounce.tar.xz sha256sum 4afedf9fd290bfe92f078f227e2c7ed2a19dceb1e78949792c1de7940f68e312 cdn/tys/tys_0x06_willItBounce.tar.xz