MQCyberSec

MQCyberSec Logo

MQCyberSec
Back to Writeups

GET aHEAD

by sealldev
PicoCTF icon PicoCTF web
easy
GET aHEAD

Description

Find the flag being held on this server to get ahead of the competition http://mercury.picoctf.net:28916/

Hint: Maybe you have more than 2 choices
Hint: Check out tools like Burpsuite to modify your requests and look at the responses

We are supplied a web application that has a red or a blue option to choose from: redorblue.png

Before I begin, I set up Burp Suite with PwnFox to intercept my requests, and view what is being transmitted.

I click ‘Choose Red’, then ‘Choose Blue’ and view the requests inside Burp Suite.

‘Choose Red’ sends this:

GET /index.php? HTTP/1.1
Host: mercury.picoctf.net:28916
...

Nothing particularly interesting, no data or parameters.

Let’s look at ‘Choose Blue’s request:

POST /index.php HTTP/1.1
Host: mercury.picoctf.net:28916
...

It’s sending a POST (with no data) and that makes the page blue.

Looking at request methods (GET, POST) I use this list to look for any others.

Remembering the title of the challenge, HEAD is another!

I send the POST request to the repeater in Burp Suite, and change the method from POST to HEAD.

HEAD /index.php HTTP/1.1
Host: mercury.picoctf.net:28916
...

The application responds:

HTTP/1.1 200 OK
flag: picoCTF{r3j3ct_th3_du4l1ty_70bc61c4}
Content-type: text/html; charset=UTF-8

Flag: picoCTF{r3j3ct_th3_du4l1ty_70bc61c4}

Related Writeups

caas

Now presenting cowsay as a service https://caas.mars.picoctf.net/

#medium

Cookies

Who doesn't love cookies? Try to figure out the best one. http://mercury.picoctf.net:17781/

#easy

findme

Help us test the form by submiting the username as `test` and password as `test!` Hint: any redirections?

#medium

Share this writeup

Contribute

Found an issue or want to improve this writeup?

Edit on GitHub