write up ctf by ariafatah

ariaf.my.id/ctf_aria /web_exploit/E_GET_aHEAD.html

soal

Find the flag being held on this server to get ahead of the competition http://mercury.picoctf.net:45028/

hint

Maybe you have more than 2 choices
Check out tools like Burpsuite to modify your requests and look at the responses

solve

saya mencoba curl dengan beberapa method

curl -X GET http://mercury.picoctf.net:45028/index.php # red
curl -X POST http://mercury.picoctf.net:45028/index.php # blue
curl -X PUT http://mercury.picoctf.net:45028/index.php # ?
curl -X DELETE http://mercury.picoctf.net:45028/index.php # ?
curl -X PATCH http://mercury.picoctf.net:45028/index.php # ?

curl -X HEAD http://mercury.picoctf.net:45028/index.php #
# Warning: Setting custom HTTP method to HEAD with -X/--request may not work the
# Warning: way you want. Consider using -I/--head instead.

## lalu saya mencoba untuk malkaukan request namun tanpa response body hanya header nya saja
curl -I http://mercury.picoctf.net:45028/index.php
curl -I HEAD http://mercury.picoctf.net:45028/index.php
# curl: (6) Could not resolve host: HEAD
# HTTP/1.1 200 OK
# flag: picoCTF{r3j3ct_th3_du4l1ty_775f2530}
# Content-type: text/html; charset=UTF-8

flag

picoCTF{r3j3ct_th3_du4l1ty_775f2530}