Punkty: 320
Rozwiązań: 9

Sometimes auditing nginx configurations is difficult, here is a snippet of collected configurations from production.
The challenge only works on the http3 protocol (in our case: port 18443/udp).
Remember to use the "custom" http3 client and skip ssl verification :).

Host: quiclookthis.ecsc22.hack.cert.pl
Port: 18443/udp

quiclookthis.zip 7.8 KB

Hint: There are some interesting lines in the Dockerfile:

&& echo "Patching nginx lines 713,803 ..." \
&& awk 'BEGIN{ i=0; } { i++; if(i==713 || i==803) print "return NGX_OK;"; else print $0; }' ./src/http/v3/ngx_http_v3_request.c > ./tmp.c \
&& mv -f ./tmp.c ./src/http/v3/ngx_http_v3_request.c \

Format flagi: ecsc{litery_cyfry_i_znaki_specjalne}.
W razie wątpliwości lub pytań dotyczących konkursu zapraszamy na naszego Discorda: https://discord.gg/gAtRKa2rcn.

Aby wysłać flagę, musisz się zalogować.