Description
Last week I decided to create my own search engine. It was kinda hard so I piggybacked on another one. I also tried something on port 8000.
Flag format: CTF{sha256}
Preamble
We can access a website that shows us a search engine like Google. When we use it, it returns a list of links.
Analysing
We need to access something on localhost:3000, but we can’t access it directly.
When we search for something, the site calls a backend API that returns the content of a web page.
The API accepts only one parameter, url, which MUST begin with https://www.google.com/. This eliminates a lot of possible approaches.
After a lot of googling 🙂 we found out that we can use the ved parameter, which allows us to use Google directly as an open redirect.
Resolution
First, we run a search on Google for our own website and copy the ved parameter from the links shown.
Then we pass it to the challenge:
https://www.google.com/?url=...&ved=...
With a URL that we control and that redirects to localhost:3000, this gives us the flag:
The flag was: CTF{9cf16d163cbaecc592ca40bee3de4b1626ee0f4a3b3db23cbd5ad921049ebc0f}
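Seen from the defending side, the API failed because it checked the url prefix once and then followed redirects without re-checking. The sketch below is an added example, not the challenge's code: it contrasts that pattern with a fetcher that validates every hop. FAKE_WEB, the function names and REDIRECT_PLACEHOLDER are constructed so it runs offline.

```python
from urllib.parse import urlsplit, urljoin

ALLOWED_HOST = "www.google.com"   # the only host the API is meant to reach
REDIRECTS = (301, 302, 303, 307, 308)
MAX_HOPS = 3

# Constructed stand-in for the network: URL -> (status, Location header, body).
# The first entry models an allowed-host URL that answers with a redirect.
FAKE_WEB = {
    "https://www.google.com/?url=REDIRECT_PLACEHOLDER": (302, "http://localhost:3000/", ""),
    "http://localhost:3000/": (200, None, "internal-only page"),
    "https://www.google.com/search?q=ctf": (200, None, "search results"),
}

def naive_fetch(url):
    """Weak pattern: prefix check on the first URL only, redirects followed blindly."""
    if not url.startswith("https://www.google.com/"):
        raise ValueError("blocked: " + url)
    status, location, body = FAKE_WEB[url]
    while status in REDIRECTS:
        url = urljoin(url, location)
        status, location, body = FAKE_WEB[url]
    return body

def is_allowed(url):
    """Parse instead of prefix-matching: pin scheme, host and port, refuse userinfo."""
    parts = urlsplit(url)
    try:
        port = parts.port
    except ValueError:            # malformed port in the URL
        return False
    return (parts.scheme == "https" and parts.hostname == ALLOWED_HOST
            and port in (None, 443)
            and parts.username is None and parts.password is None)

def hardened_fetch(url):
    """Validate every hop, including each redirect target, before requesting it."""
    for _ in range(MAX_HOPS):
        if not is_allowed(url):
            raise ValueError("blocked: " + url)
        status, location, body = FAKE_WEB[url]
        if status not in REDIRECTS:
            return body
        url = urljoin(url, location)
    raise ValueError("too many redirects")
```

In a real service the same per-hop check is paired with a resolver-level block on loopback and private address ranges, since a host allow-list alone does not cover DNS tricks.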