picoCTF: get aHead

picoCTF, writeup, web-exploitation

Info #

Problem link - picoCTF: get aHEAD

Solution #

Here is the problem hosted at - http://mercury.picoctf.net:28916/

Here is the important bit from the source code -

...
...
<form action="index.php" method="GET">
	<input type="submit" value="Choose Red"/>
</form>
...
...
<form action="index.php" method="POST">
	<input type="submit" value="Choose Blue"/>
</form>
...
...

The color of the page depends on what HTTP method, e.g. GET or POST, is requested.

There is a hint hidden inside the name of this CTF itself. After trying multiple HTTP methods, HEAD has the way to the flag.

Here is the curl command -

curl -I http://mercury.picoctf.net:28916

Output:

HTTP/1.1 200 OK
flag: picoCTF{r3j3ct_th3_du4l1ty_70bc61c4}
Content-type: text/html; charset=UTF-8

Flag #

Here is the flag -

picoCTF{r3j3ct_th3_du4l1ty_70bc61c4}