Pico CTF Web Exploitation
This is the second (logged) step of my journey exploring the cybersecurity world. I am taking it slowly, but still catching a few concepts and gathering experience.
This time, I will talk about the picoCTF challenge called “GET aHEAD”. As usual, solving this flag took me quite a bit of trial and error, but eventually, it made sense.
First, let’s look at the hints for the challenge:
- Maybe you have more than 2 choices
- Check out tools like Burpsuite to modify your requests and look at the responses
I disregarded the second hint, for the simple fact that I am more of a curl person, and not acquainted with Burpsuite yet. The first hint suggests that we may have more than 2 choices, so I thought: “what if I try changing POST parameters and see if i get an error?”
I tried a few things along this line like:
curl -X POST http://mercury.picoctf.net:45028/index.php -F file=../
And other “shots in the dark”. After a while, I revisited the exercise, and this time I wondered if the title itself wouldn’t be a hint. “GET aHEAD” , what might this mean?
curl -I http://mercury.picoctf.net:45028/index.phpHTTP/1.1 200 OK
Content-type: text/html; charset=UTF-8
The “-I” parameter will make curl send a HEAD request, which will retrieve only the header response without a body from the server.
And this was pretty much it, I learned about the HEAD request, which I wasn’t yet familiarized, and solved another entry-level challenge on this awesome platform.
Stay tuned for the next steps and feel free to comment if you have any questions or suggestions.