THM Room: Web Fundamentals

Here I solve Task 5, the Mini CTF part of the THM Web Fundamentals room. All the previous tasks are theory and are taught well in the THM room itself, so do check that out from the following link.


Final Task - Mini CTF

Tasks

There's a web server running on http://MACHINE_IP:8081. Connect to it and get the flags!

  1. GET request: Make a GET request to the web server with the path /ctf/get

  2. POST request: Make a POST request with the body "flag_please" to /ctf/post

  3. Get a cookie: Make a GET request to /ctf/getcookie and check the cookie the server gives you

  4. Set a cookie: Set a cookie with the name "flagpls" and value "flagpls" in your dev tools (or with curl!) and make a GET request to /ctf/sendcookie

Task 1

A GET request is the simplest kind of request: it can be sent just by visiting the page in a web browser, or we can use a command-line tool such as curl, as in the following command.

curl http://10.10.81.75:8081/ctf/get

Flag:

thm{162520bec925bd7979e9ae65a725f99f}

Task 2

In a browser, POST requests are normally made by client-side scripts or by HTML forms, but the developer tools in modern browsers can also be used to make any kind of request. We can also send one with a command-line tool like curl, but we have to know what kind of POST we want to make: does it carry request data? What is its Content-Type? We need to know this to send a valid request.

curl -X POST --data flag_please http://10.10.81.75:8081/ctf/post

Flag:

thm{3517c902e22def9c6e09b99a9040ba09}

Task 3

HTTP is a stateless protocol: the server knows nothing about the user who makes a request, and each request is handled without any memory of the previous one. In short, HTTP by itself cannot manage users' sessions and state, so browsers store a piece of session data that we call a cookie. The cookie is sent with every request so that the user's session is preserved. In this task, we just have to make a simple GET request to the /ctf/getcookie endpoint; the server then sets a cookie that we can see in our browser storage. We can also make the request with a command-line tool like curl and see the cookie in our terminal.

curl -i http://10.10.81.75:8081/ctf/getcookie

The above command should show the cookie in our terminal. Alternatively, we can visit the above link in a web browser, which shows the message "check your cookies", meaning the server set a cookie and the browser stored it. How to view it depends on the browser. In Firefox, press F12 to open the developer tools pane (the one with Inspector and the other tools), open the Storage tab, and under Cookies click the appropriate URL to see the cookies stored for it.

Flag:

thm{91b1ac2606f36b935f465558213d7ebd}

Task 4

In the previous task we saw cookies in our browser. Now our task is to change the cookie value to "flagpls" and then send a GET request to the /ctf/sendcookie endpoint. To change the cookie in the browser, double-click the cookie value in the developer tools' Storage tab and edit it. To make the request with a command-line tool such as curl, we can use the following command.

curl -H "Cookie: flagpls=flagpls" http://10.10.81.75:8081/ctf/sendcookie

Alternative version:

curl -b "flagpls=flagpls" http://10.10.160.195:8081/ctf/sendcookie

Flag:

thm{c10b5cb7546f359d19c747db2d0f47b3}
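The four requests above as raw HTTP messages, replayed against a small in-process stand-in for the room's server, to show that the cookie is nothing more than a header the client chooses to send. This is an added example, not part of the original writeup or the room: the placeholder flags, the cookie name `flag`, the reply texts other than "check your cookies", and the helper names `handle`, `build`, `body_of` and `run_tasks` are assumptions.

```python
from http.cookies import SimpleCookie

def handle(raw: bytes) -> bytes:
    """Constructed stand-in server (placeholder flags, assumed cookie name "flag")."""
    head, _, body = raw.partition(b"\r\n\r\n")
    request_line, *header_lines = head.decode("iso-8859-1").split("\r\n")
    method, path, _version = request_line.split(" ")
    headers = {k.strip().lower(): v.strip()
               for k, _, v in (line.partition(":") for line in header_lines)}
    body = body[: int(headers.get("content-length", 0))]
    extra = ""
    if (method, path) == ("GET", "/ctf/get"):
        text = "PLACEHOLDER_FLAG_1"
    elif (method, path) == ("POST", "/ctf/post"):
        text = "PLACEHOLDER_FLAG_2" if body == b"flag_please" else "wrong body"
    elif (method, path) == ("GET", "/ctf/getcookie"):
        text, extra = "check your cookies", "Set-Cookie: flag=PLACEHOLDER_FLAG_3\r\n"
    elif (method, path) == ("GET", "/ctf/sendcookie"):
        # Stateless: all the server knows about the caller is this request's headers.
        jar = SimpleCookie(headers.get("cookie", ""))
        ok = "flagpls" in jar and jar["flagpls"].value == "flagpls"
        text = "PLACEHOLDER_FLAG_4" if ok else "no cookie sent"
    else:
        return b"HTTP/1.1 404 Not Found\r\nContent-Length: 0\r\n\r\n"
    return f"HTTP/1.1 200 OK\r\n{extra}Content-Length: {len(text)}\r\n\r\n{text}".encode()

def build(method: str, path: str, body: bytes = b"", headers: dict = None) -> bytes:
    """Serialize a request as it goes on the wire (Host value is a placeholder)."""
    lines = [f"{method} {path} HTTP/1.1", "Host: MACHINE_IP:8081"]
    lines += [f"{k}: {v}" for k, v in (headers or {}).items()]
    if body:
        lines.append(f"Content-Length: {len(body)}")
    return "\r\n".join(lines).encode() + b"\r\n\r\n" + body

def body_of(response: bytes) -> str:
    return response.partition(b"\r\n\r\n")[2].decode()

def run_tasks() -> dict:
    """Replay the four tasks, plus the Task 4 request sent without its cookie."""
    form = {"Content-Type": "application/x-www-form-urlencoded"}  # what curl --data sends
    return {
        "task1": body_of(handle(build("GET", "/ctf/get"))),
        "task2": body_of(handle(build("POST", "/ctf/post", b"flag_please", form))),
        "task3": handle(build("GET", "/ctf/getcookie")).decode(),
        "task4_no_cookie": body_of(handle(build("GET", "/ctf/sendcookie"))),
        "task4": body_of(handle(build("GET", "/ctf/sendcookie", headers={"Cookie": "flagpls=flagpls"}))),
    }

if __name__ == "__main__":
    print(run_tasks())
```

Because the `Cookie` header is entirely client-controlled, a real application should treat cookie values as untrusted input and keep anything it relies on server-side or integrity-protected.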
TryHackMe Web Fundamentals Room