In this challenge called GET aHEAD we are dealing with Http Request methods.
We are given an URL http://mercury.picoctf.net:47967/ and as description the following text: Find the flag being held on this server to get ahead of the competition
As a first step, open the given URL in the Browser is always a good choice. So fire up Firefox, Google Chrome, Safari or whatever browser you like and paste the URL:
Nothing really impressive here. A web page showing two buttons where you can change the background color. So let’s take a look at the sourcecode of this page:
<!doctype html>
<html>
<head>
<title>Red</title>
<link rel="stylesheet" type="text/css" href="//maxcdn.bootstrapcdn.com/bootstrap/3.3.5/css/bootstrap.min.css">
<style>body {background-color: red;}</style>
</head>
<body>
<div class="container">
<div class="row">
<div class="col-md-6">
<div class="panel panel-primary" style="margin-top:50px">
<div class="panel-heading">
<h3 class="panel-title" style="color:red">Red</h3>
</div>
<div class="panel-body">
<form action="index.php" method="GET">
<input type="submit" value="Choose Red"/>
</form>
</div>
</div>
</div>
<div class="col-md-6">
<div class="panel panel-primary" style="margin-top:50px">
<div class="panel-heading">
<h3 class="panel-title" style="color:blue">Blue</h3>
</div>
<div class="panel-body">
<form action="index.php" method="POST">
<input type="submit" value="Choose Blue"/>
</form>
</div>
</div>
</div>
</div>
</div>
</body>
</html>Nothing very special – except of one thing: The first button is in a form which uses the GET method, the second button is in a form which uses the POST method. With this in mind and remenbering the name of the challenge we can be pretty sure that we have do deal with Http request methods to get the flag.
So what Http methods are out there?
- GET – with GET requests you usually get data from a server. When you open a website in your browser, the browser send a GET request to the Webserver.
- POST- a POST request is often used to send data to the webserver in web forms
- HEAD – a HEAD request is very similar to the GET request, but only for the headers and not for the page body
- PUT – the PUT request is for creating or modifying resources on the server
- DELETE – the DELETE request is used to delete resources on the server
There are some more Http methods, but for now these are enough. If you want to know more about it, please visit https://developer.mozilla.org/de/docs/Web/HTTP/Methods
Since it’s not so easy to use anything but GET right out of the box with your favorite browser, lets write a small python script to send some requests against the server:
import requests
r = requests.get('http://mercury.picoctf.net:47967/')
print("Status:\n", r)
print("Headers:\n", r.headers)
print("Content:\n", r.content)This script sends a GET request to the server and displays the response. Simply modify the script to use one of the other methods. The syntax is the same every time. Just replace the .get method in line two with any other from above in lover case.
Try a few and I’m shure you’ll get the next flag.