antiTree | projects and info
posted by antitree on Apr 30, 2017

Check out the previous 1, 2, and 3 for the other CTF challenges.

Hop Till You Drop

The original plan for this one was to show how you can setup an exit node to allow single hop circuits – in other words, you don’t create a full 3 hop circuit on tor but just use the exit node as the one and only proxy. This is normally banned unless you allow it both at the exit and on the client.

But that didn’t happen. :)

For this one, all you had to do was find the exit node after reading my tongue-in-cheek poem that some people might get.

4 hop, 3 hop, 2 hop, 1
AllowSingleHopExits if you want to have fun
Bombs explode and Apples are ripe
Search on Atlas for the mangopipe

http://hoppybsidesroc.antitree.com:8089

That web server looked at the IP that you gave it, and then redirected you to a path like /ip/1.2.3.4. The only reason I did the redirect was to let people try to exploit it in different ways.

You should have got the hint to search on Atlas.torproject.org for “mangopipe” which will bring up a variety of exit nodes that I ran and it would also show you the IPs that it’s hosted under.

Mango pipe

Side note, one of the teams decided that they wanted to use this configuration for other parts of the challenge including the port scanning one. My VPS provider has a few nasty tickets open right now because of that. :)

With this information you could have done one of two things. Modified your client’s local torrc file to choose to only use exit nodes on that list. Like this:

ExitNodes mangopipe93

Or, even easier, you could just change the IP path to be one of the IPs on that list. Then you’d see this:

You Win

Answer: BOURGET_SHENANIGANS