Skip to main content

Posts

Showing posts with the label artisinal handcrafted HTTP 3

PicoCTF2018 – Web – Artisinal Handcrafted HTTP 3

PicoCTF2018 – Web – Artisinal Handcrafted HTTP 3 Objective : We found a hidden flag server hiding behind a proxy, but the proxy has some... _interesting_ ideas of what qualifies someone to make HTTP requests.   Looks like you'll have to do this one by hand.   Try connecting via nc 2018shell.picoctf.com 18685, and use the proxy to send HTTP requests to `flag.local`.   We've also recovered a username and a password for you to use on the login page: `realbusinessuser`/`potoooooooo`. Hint : (1)     _Be the browser._   When you navigate to a page, how does your browser send HTTP requests?   How does this change when you submit a form? Solution : This is my first-time sending HTTP GET and POST manually, so I leaned pretty heavily on online resources @pico-2018-shell:~$ nc 2018shell.picoctf.com 18685 Real Business Corp., Internal Proxy Version 2.0.7 To proceed, please solve the following captcha:   _____           __            / __   \         /