Project Sekai
🔒 BYUCTF 2023 / ✅-web-huup
HUUP - 500 points
Category: Web
Description: There's all this rage around TCP, but I think UDP is superior, so I made my website only accessible through UDP!
Notes - max message length is 1024 bytes, only GET requests will really work, and messages are discarded after 10 seconds
byuctf.xyz:40011
Files: No files.
Tags: Hard, Networking
Sutx pinned a message to this channel. 05/19/2023 10:01 AM
@Violin wants to collaborate 🤝
10:08
@rubiya wants to collaborate 🤝
10:12
@Legoclones wants to collaborate 🤝
10:12
@jayden wants to collaborate 🤝
@strellic wants to collaborate 🤝
last web
11:36
"Spamming" is not prohibited for this challenge
11:39
hm i guess first step is figure out how to connect to the site
11:40
i tried [bryce@bryce-laptop ~]$ echo -e "GET / HTTP/1.1\r\nHost: byuctf.xyz:40011\r\n" | nc -u byuctf.xyz 40011 but no dice
11:42
import socket

# Server details
server_ip = 'byuctf.xyz'
server_port = 40011

# HTTP request
http_request = "GET / HTTP/1.1\r\nHost: byuctf.xyz:40011\r\n\r\n"

# Create a UDP socket
sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)

# Send the HTTP request
sock.sendto(http_request.encode(), (server_ip, server_port))

# Receive response from the server
response, server_address = sock.recvfrom(1024)

# Print the response
print(response.decode())

# Close the socket
sock.close()
11:42
seems to work
11:42
credits to chatgpt
import socket
import time

# Server details
server_host = 'byuctf.xyz'
server_port = 40011
server_ip = socket.gethostbyname(server_host)

# HTTP request
http_request = "\r\n".join([
    "GET / HTTP/1.1",
    f"Host: {server_host}:{server_port}",
    "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7",
    "Accept-Encoding: gzip, deflate",
    "Accept-Language: en-US,en;q=0.9",
    "Cache-Control: max-age=0",
    "Connection: keep-alive",
    "Upgrade-Insecure-Requests: 1",
    "User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Safari/537.36",
    "",
    ""
])

# Create a UDP socket
sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)

# Send the HTTP request
sock.sendto(http_request.encode(), (server_ip, server_port))

# Receive response from the server
response, server_address = sock.recvfrom(16384)

# Print the response
print(response.decode())
11:57
ok not sure why im not getting the resp body
11:57
but need to go for a couple hours
jayden
used /ctf solve
✅ Challenge solved.
wait oops
jayden
used /ctf unsolve
✅ Challenge unsolved.
15:30
✅ Challenge solved.
ooooh how did you like HUUP?
Legoclones
ooooh how did you like HUUP?
lol idk ngl didnt think spamming it would just spit out the flag
jayden
used /ctf solve
✅ Challenge solved.
15:32
✅ Challenge solved.
oops bruh lol
lol u broke it
15:33
yeah, it's UDP, so even if you have the HTTP request right the body may not come with it
15:34
and because server is so far away u gotta spam almost 100 times to get the body returned
15:34
I was going to do so much more but it already took so many requests to get it
oh lmfao
16:16
is the sol just run the script a lot
16:16
funny
Exported 33 message(s)