NahamCon CTF 2021: Homeward Bound

March 2021

Challenge

We get a static web page saying that we cannot access the page externally.

If we can't access it externally, we can try to trick the server into thinking we are on the same network.

There is an HTTP header, X-Forwarded-For, which is used to specify the original requestor when a request goes through a proxy. I set this header to:

X-Forwarded-For: 127.0.0.1

... and this revealed the flag!