During the Google CTF, I did not finish the Opabina 4 challenge due to time constraints (my fault – I thought it finished at 1am local time and played videogames instead). Afterwards, I found the server was still up, so I completed this challenge to set my mind more at ease.
This challenge starts off similar to the other Opabina challenges, with the client making a GET request to “/”. Letting this go through, I was surprised when the server spat back a full HTML page. I saved the page and rendered it:
Inspection of the content returned nothing abnormal, aside from an HTML form posted to https://elided/user/sign_in. My first thought was to redirect this to http://elided, or to send this to a listening host on the Internet:
It turns out that the solution was much simpler (and in line with the 75-point value): a GET request to /user/sign_in on localhost was enough:
Unfortunately, this challenge was solved too late to win any Internet points, but this was a fun diversion nonetheless 🙂
(Also: super hyped for this weekend)