Tags: waf web regex waf-bypass

Rating: 3.5

# Web - Cessation
## [Writeup Source](https://github.com/Scoder12/ctf/blob/main/HTB%20CyberApocalypse%202021/web_cessation.md)

This challenge was pretty straightforward. It had a single downloadable file which was called remap.config and had the following contents:

regex_map http://.*/shutdown http://127.0.0.1/403
regex_map http://.*/ http://127.0.0.1/

The homepage didn't have anything interesting on it, so it seems like the only path to exploitation was to somehow access the shutdown URL.

Accessing it directly didn't work due to the regex, but accessing http://<instance ip>//shutdown (with two slashes) showed a page with the flag.

Original writeup (https://github.com/Scoder12/ctf/blob/main/HTB%20CyberApocalypse%202021/web_cessation.md).