Statement: Who needs Flask when you have Golang – the new meta for web applications.

Take a look at this super sleek and functional website.

Upon connecting to this URL, we come across the index.hmtl page with the following source code:

    <title>Curly Fry</title>
    <h2>I will release my secret curly fry recipe when I am ready. For now it is safely held in my /root directory</h2>

One suspects that one must access a file in the /root directory.

There is an exploit that allows to access unauthorized resources with a CONNECT request on web servers in Golang.

I first try to access the file /etc/passwd via curl :

curl --path-as-is -X CONNECT

Via the request, I can access the desired file, however it is impossible to execute a command to list the contents of the /root directory.

After reading the HTML source code a lot, I discover the existence of the recipe.txt file (guessing !)

So I run my curl command again with the full path and I get the content:

curl --path-as-is -X CONNECT

Flag: PCTF{tru5t_m3_im_4_ch3f}