mirror of
https://github.com/carlospolop/hacktricks
synced 2024-11-25 14:10:41 +00:00
3.5 KiB
3.5 KiB
Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)!
Other ways to support HackTricks:
- If you want to see your company advertised in HackTricks or download HackTricks in PDF Check the SUBSCRIPTION PLANS!
- Get the official PEASS & HackTricks swag
- Discover The PEASS Family, our collection of exclusive NFTs
- Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @carlospolopm.
- Share your hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.
CONNECT method
In the Go programming language, a common practice when handling HTTP requests, specifically using the net/http
library, is the automatic conversion of the request path into a standardized format. This process involves:
- Paths ending with a slash (
/
) like/flag/
are redirected to their non-slash counterpart,/flag
. - Paths containing directory traversal sequences such as
/../flag
are simplified and redirected to/flag
. - Paths with a trailing period as in
/flag/.
are also redirected to the clean path/flag
.
However, an exception is observed with the use of the CONNECT
method. Unlike other HTTP methods, CONNECT
does not trigger the path normalization process. This behavior opens a potential avenue for accessing protected resources. By employing the CONNECT
method alongside the --path-as-is
option in curl
, one can bypass the standard path normalization and potentially reach restricted areas.
The following command demonstrates how to exploit this behavior:
curl --path-as-is -X CONNECT http://gofs.web.jctf.pro/../flag
Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)!
Other ways to support HackTricks:
- If you want to see your company advertised in HackTricks or download HackTricks in PDF Check the SUBSCRIPTION PLANS!
- Get the official PEASS & HackTricks swag
- Discover The PEASS Family, our collection of exclusive NFTs
- Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @carlospolopm.
- Share your hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.