2023 Cyber Apocalypse: Persistence

Challenge Information

Attribute: Details
Event: 2023 Cyber Apocalypse
Category: Misc
Challenge: Persistence

Summary

This challenge requires executing an HTTP GET request more than 1000 times to extract a flag. The flag likely appears randomly or requires persistence to be revealed. Automation is essential to complete this task efficiently.


Analysis

Challenge objective: Make more than 1000 GET requests to a specified endpoint to retrieve a flag.

Approaches:

  1. Using Burp Suite Intruder with a Numbers payload
  2. Using a custom Bash script with curl
  3. Using a loop in any programming language with an HTTP client

The solution involves:

  • Creating a loop that executes N times
  • Making an HTTP GET request each iteration
  • Capturing and storing responses
  • Searching for the flag in the output

Solution

The bash script approach:

#!/bin/bash
# Check arguments
if [ "$#" -ne 2 ]; then
    echo "Usage: $0 <url> <number_of_requests>"
    exit 1
fi
url="$1"
num_requests="$2"
output_file="responses.txt"
# Validate argument: digits only, no leading zero, so 0 is rejected
if ! [[ "$num_requests" =~ ^[1-9][0-9]*$ ]]; then
    echo "Error: number_of_requests must be a positive integer."
    exit 2
fi
# Clear output file (truncate to zero bytes)
: > "$output_file"
# Send X GET requests and save responses
for i in $(seq 1 "$num_requests"); do
    echo "Iteration: $i" | tee -a "$output_file"
    echo | tee -a "$output_file"
    curl -s "$url" | tee -a "$output_file"
    echo | tee -a "$output_file"
    echo "-------------------------------------" | tee -a "$output_file"
done

Execution:

chmod +x get_x_times.sh
./get_x_times.sh http://target.ip/flag 1001

Extract the flag:

grep -E 'HTB\{[a-zA-Z0-9_!]+\}' responses.txt
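The loop and the grep step above can be combined so the run stops at the first response that contains the flag instead of always spending the full request budget. The script below is an added example, not part of the original write-up; the names poll_for_flag, fetch_http and FLAG_RE are hypothetical, and the fetch command is passed in so the logic can be exercised without a live target.

```shell
#!/bin/bash
# Added example (not from the original write-up): poll until the flag
# appears, then stop. Function and variable names are hypothetical.

FLAG_RE='HTB\{[a-zA-Z0-9_!]+\}'   # same pattern as the grep in the write-up

# Default fetcher: one GET with a timeout. A failed or timed-out request
# yields empty output instead of aborting the whole run.
# $1 = url, $2 = request number (unused here, useful for stub fetchers)
fetch_http() {
    curl -s --max-time 5 "$1" || true
}

# poll_for_flag <fetch_cmd> <url> <max_requests>
# Prints "<request_number> <flag>" and returns 0 on the first match;
# returns 1 if the budget is exhausted without a match.
poll_for_flag() {
    pf_fetch="$1"
    pf_url="$2"
    pf_max="$3"
    pf_i=1
    while [ "$pf_i" -le "$pf_max" ]; do
        pf_body="$("$pf_fetch" "$pf_url" "$pf_i")"
        # -o prints only the matching text; head keeps the first match
        pf_flag="$(printf '%s\n' "$pf_body" | grep -oE "$FLAG_RE" | head -n 1)"
        if [ -n "$pf_flag" ]; then
            printf '%s %s\n' "$pf_i" "$pf_flag"
            return 0
        fi
        pf_i=$((pf_i + 1))
    done
    return 1
}

# Run against a real URL only when called as: script <url> <max_requests>
if [ "$#" -eq 2 ]; then
    poll_for_flag fetch_http "$1" "$2" || {
        echo "No flag found in $2 requests" >&2
        exit 1
    }
fi
```

Because the fetcher is a parameter, a stub function that returns a constructed response on a chosen request number can stand in for curl when checking the loop logic.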

Key Takeaways

  • Some challenges require persistence and repetition
  • Automation is essential for large-scale tasks
  • Bash scripting enables efficient HTTP request automation
  • Regular expressions help extract specific patterns from output
  • Logging responses facilitates post-processing
  • curl is a versatile tool for HTTP requests
  • Loop-based automation is more efficient than manual requests