ctf_aria

write up ctf by ariafatah

---

Project maintained by ariafatah0711 Hosted on GitHub Pages — Theme by mattgraham

soal

Find the flag being held on this server to get ahead of the competition http://mercury.picoctf.net:45028/

hint

• Maybe you have more than 2 choices
• Check out tools like Burpsuite to modify your requests and look at the responses

solve

• saya mencoba curl dengan beberapa method

  curl -X GET http://mercury.picoctf.net:45028/index.php # red
  curl -X POST http://mercury.picoctf.net:45028/index.php # blue
  curl -X PUT http://mercury.picoctf.net:45028/index.php # ?
  curl -X DELETE http://mercury.picoctf.net:45028/index.php # ?
  curl -X PATCH http://mercury.picoctf.net:45028/index.php # ?
  
  curl -X HEAD http://mercury.picoctf.net:45028/index.php #
  # Warning: Setting custom HTTP method to HEAD with -X/--request may not work the
  # Warning: way you want. Consider using -I/--head instead.
  
  ## lalu saya mencoba untuk malkaukan request namun tanpa response body hanya header nya saja
  curl -I http://mercury.picoctf.net:45028/index.php
  curl -I HEAD http://mercury.picoctf.net:45028/index.php
  # curl: (6) Could not resolve host: HEAD
  # HTTP/1.1 200 OK
  # flag: picoCTF{r3j3ct_th3_du4l1ty_775f2530}
  # Content-type: text/html; charset=UTF-8
  

flag

picoCTF{r3j3ct_th3_du4l1ty_775f2530}