Pico CTF Web Exploitation
This is the second (logged) step of my journey exploring the cybersecurity world. I am taking it slowly, but still catching a few concepts and gathering experience.
This time, I will talk about the picoCTF challenge called “GET aHEAD”. As usual, solving this flag took me quite a bit of trial and error, but eventually, it made sense.
First, let’s look at the hints for the challenge:
- Maybe you have more than 2 choices
- Check out tools like Burpsuite to modify your requests and look at the responses
I disregarded the second hint, for the simple fact that I am more of a curl person, and not acquainted with Burpsuite yet. The first hint suggests that we may have more than 2 choices, so I thought: “what if I try changing POST parameters and see if I get an error?”
I tried a few things along this line like:
curl -X POST http://mercury.picoctf.net:45028/index.php -F file=../
And other “shots in the dark”. After a while, I revisited the exercise, and this time I wondered if the title itself wouldn’t be a hint. “GET aHEAD”, what might this mean?
Following this, I revisited my current favourite curl cheat sheet, looked at the HEAD example and applied it to the exercise:
curl -I http://mercury.picoctf.net:45028/index.php
HTTP/1.1 200 OK
flag: picoCTF{r3j3ct_th3_du4l1ty_775f2530}
Content-type: text/html; charset=UTF-8
The “-I” option makes curl send a HEAD request, which asks the server for only the response headers, with no body.
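To reproduce this behaviour without touching the challenge server, here is an added example (not part of the original write-up): a local Python test server whose HEAD handler returns one extra header, and a client that sends GET, POST and HEAD and compares what comes back. The handler, the `X-Demo` header and the page body are constructed for illustration.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

PAGE = b"<html><body>sample body</body></html>"  # constructed sample page


class DemoHandler(BaseHTTPRequestHandler):
    """Constructed stand-in for a page that treats HEAD differently from GET/POST."""

    def _send(self, extra=None, body=PAGE):
        self.send_response(200)
        self.send_header("Content-Type", "text/html; charset=UTF-8")
        self.send_header("Content-Length", str(len(PAGE)))
        for name, value in (extra or {}).items():
            self.send_header(name, value)
        self.end_headers()
        self.wfile.write(body)

    def do_GET(self):
        self._send()

    do_POST = do_GET  # GET and POST answer alike in this demo

    def do_HEAD(self):
        # HEAD: same status line and headers as GET, but no body is written.
        self._send(extra={"X-Demo": "only-on-head"}, body=b"")

    def log_message(self, *args):  # keep the demo output quiet
        pass


def probe(methods=("GET", "POST", "HEAD")):
    """Send each method to a local server; return {method: (status, headers, body_len)}."""
    results = {}
    with HTTPServer(("127.0.0.1", 0), DemoHandler) as server:  # port 0 = any free port
        threading.Thread(target=server.serve_forever, daemon=True).start()
        for method in methods:
            conn = http.client.HTTPConnection("127.0.0.1", server.server_port, timeout=5)
            conn.request(method, "/index.php")
            resp = conn.getresponse()
            results[method] = (resp.status, dict(resp.getheaders()), len(resp.read()))
            conn.close()
        server.shutdown()
    return results


if __name__ == "__main__":
    for method, (status, headers, size) in probe().items():
        print(method, status, f"body={size}B", sorted(headers))
```

When reviewing your own application, the same comparison shows whether any method other than the ones the page is meant to accept reaches handler code that returns different headers.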
And this was pretty much it. I learned about the HEAD request, which I wasn’t yet familiar with, and solved another entry-level challenge on this awesome platform.
Stay tuned for the next steps and feel free to comment if you have any questions or suggestions.