TYS 0x06 - willItBounce

This post is part of the Test Your Skills series. You can find an introduction here. And an overview of all TYS’s currently available is over here.


The goal of this challenge is to find a way to send a specific input from your host to the “Hidden Service” inside the container (as illustrated by the red arrow) - without changing the docker run command (build and run it exactly the way as shown below) or any of the scripts/files provided.

Study the output of the container carefully - it provides you with very relevant information for this TYS. You are also welcome to read the source code of the scripts contained in the tarball - but don’t change anything!

e-axe@little0ne:~/TYS/willItBounce# docker build -t ftpd .
e-axe@little0ne:~/TYS/willItBounce# docker run --rm --name ftpd -p 2121:2121 ftpd
Username: admin
Container local service starting:
Listening on [] (family 0, port 1051)
[I 2019-08-02 09:57:49] >>> starting FTP server on, pid=15 <<<
[I 2019-08-02 09:57:49] concurrency model: async
[I 2019-08-02 09:57:49] masquerade (NAT) address: None
[I 2019-08-02 09:57:49] passive ports: None
Expected value (NTAwODI2Mgo=) not found yet...
Expected value (NTAwODI2Mgo=) not found yet...

Download tys_0x06_willItBounce.tar.xz and get started!

Have fun hunting, feel free to post your approach / write-up and let me know if you have any questions, feedback or general comments in the respective twitter thread over here:

Verify the files you download with:

md5sum     4966bdcc24bf691d2a12e9c3b02229cf                                  cdn/tys/tys_0x06_willItBounce.tar.xz
sha1sum    bf4db2d0e7ea78e1f1f90e4acf759f610cd58efa                          cdn/tys/tys_0x06_willItBounce.tar.xz
sha256sum  4afedf9fd290bfe92f078f227e2c7ed2a19dceb1e78949792c1de7940f68e312  cdn/tys/tys_0x06_willItBounce.tar.xz