MQCyberSec

MQCyberSec Logo

MQCyberSec
Back to Writeups

GET aHEAD

by sealldev
PicoCTF icon PicoCTF web
easy
GET aHEAD

Description

Find the flag being held on this server to get ahead of the competition http://mercury.picoctf.net:28916/

Hint: Maybe you have more than 2 choices
Hint: Check out tools like Burpsuite to modify your requests and look at the responses

We are supplied a web application that has a red or a blue option to choose from: redorblue.png

Before I begin, I set up Burp Suite with PwnFox to intercept my requests, and view what is being transmitted.

I click ‘Choose Red’, then ‘Choose Blue’ and view the requests inside Burp Suite.

‘Choose Red’ sends this:

GET /index.php? HTTP/1.1
Host: mercury.picoctf.net:28916
...

Nothing particularly interesting, no data or parameters.

Let’s look at ‘Choose Blue’s request:

POST /index.php HTTP/1.1
Host: mercury.picoctf.net:28916
...

It’s sending a POST (with no data) and that makes the page blue.

Looking at request methods (GET, POST) I use this list to look for any others.

Remembering the title of the challenge, HEAD is another!

I send the POST request to the repeater in Burp Suite, and change the method from POST to HEAD.

HEAD /index.php HTTP/1.1
Host: mercury.picoctf.net:28916
...

The application responds:

HTTP/1.1 200 OK
flag: picoCTF{r3j3ct_th3_du4l1ty_70bc61c4}
Content-type: text/html; charset=UTF-8

Flag: picoCTF{r3j3ct_th3_du4l1ty_70bc61c4}

Related Writeups

l33t-benign

Now that you've figured out who was behind this operation, can you figure out who else was affected?

4spam

In the wake of last week's events, we've created a replacement (https://4spam.umbccd.net/). An old dump of some of the ...

Caddyshack

locate and connect to the server running on caddyshack.umbccd.net

Share this writeup

Contribute

Found an issue or want to improve this writeup?

Edit on GitHub