picoCTF Solutions
picoCTF 2026Web ExploitationMedium

North-South

Published: March 20, 2026

Description

I've set up geo-based routing -- can you outsmart it? Access to the real service is restricted based on your geographic location. Only requests from a specific region are routed to the server that holds the flag.

Setup

Launch the challenge instance and note the URL.

Install Tor and configure it to use Iceland exit nodes.

sudo apt install tor
# Or on macOS: brew install tor

Solution

  1. Step 1Configure Tor to use Iceland exit nodes
    The Nginx reverse proxy routes requests from Iceland (country code IS) to the flag server, and other countries to a decoy. Configure Tor to exclusively use Icelandic exit nodes.
    # Edit your Tor config -- typically at /etc/tor/torrc
    echo 'ExitNodes {is}' | sudo tee -a /etc/tor/torrc
    echo 'StrictNodes 1' | sudo tee -a /etc/tor/torrc
    sudo systemctl restart tor
    # Or on macOS:
    echo 'ExitNodes {is}\nStrictNodes 1' >> /opt/homebrew/etc/tor/torrc
    brew services restart tor
  2. Step 2Request the challenge URL through Tor
    With Tor routing through Iceland, your request appears to originate from an Icelandic IP. The geo-check passes and you're routed to the flag server.
    curl --proxy socks5h://localhost:9050 http://<HOST>:<PORT_FROM_INSTANCE>/
    # Verify your exit IP is in Iceland first:
    curl --proxy socks5h://localhost:9050 https://check.torproject.org/api/ip

Flag

picoCTF{g30_byp4ss_...}

The Nginx config routes Icelandic IPs to the flag server. Configure Tor with ExitNodes {is} and StrictNodes 1 to route requests through Iceland exit nodes.