# THM Room: Web Fundamentals

[TryHackMe Web Fundamentals Room](https://tryhackme.com/room/webfundamentals)

<figure><img src="https://tryhackme-images.s3.amazonaws.com/room-icons/c969a5ba19bfe2a3da8000e7db4a03bb.png" alt=""><figcaption><p>THM Web Fundamentals room Logo</p></figcaption></figure>

## Final Task - Mini CTF

#### Tasks

There's a web server running on `http://MACHINE_IP:8081`. Connect to it and get the flags!

1. **GET request:** Make a GET request to the web server with the path `/ctf/get`
2. **POST request:** Make a POST request with the body "flag\_please" to `/ctf/post`
3. **Get a cookie:** Make a GET request to `/ctf/getcookie` and check the cookie the server gives you
4. **Set a cookie:** Set a cookie with the name "`flagpls`" and value "`flagpls`" in your `dev tools` (or with curl!) and make a GET request to `/ctf/sendcookie`

#### Task 1

A `GET` request is the simplest kind of request: we can send it just by visiting the page in a web browser, or we can use a command-line tool such as `curl`, as in the following command.

```bash
curl http://10.10.81.75:8081/ctf/get
```

**Flag:**

```
thm{162520bec925bd7979e9ae65a725f99f}
```

#### Task 2

A `POST` request is normally sent by the browser's client-side scripts or by HTML forms, but modern browsers also let us craft requests in their developer tools, which we can use to make any kind of request. We can also send it with a command-line tool like `curl`, but we have to know what kind of `POST` we want to make, e.g. does it carry any request data? What is its `Content-Type`? We have to know this to send a valid request.

```bash
curl -X POST --data flag_please http://10.10.81.75:8081/ctf/post
```

**Flag:**

```
thm{3517c902e22def9c6e09b99a9040ba09}
```

#### Task 3

`HTTP` is a stateless protocol, which means the server doesn't know who is making a request, so each request sent over `HTTP` is handled without any knowledge of the previous one. In short, `HTTP` by itself isn't able to manage users' sessions and state, so browsers store a piece of session data that we call a `cookie`. It is sent with every request so that users preserve their sessions. In this task, we just have to make a simple `GET` request to the `/ctf/getcookie` endpoint; the server then stores a cookie in our browser, which we can see in the browser storage. Or we can make the request with a command-line tool like `curl` so that we see the cookie in our terminal.

```bash
curl -I http://10.10.81.75:8081/ctf/getcookie
```

We should see the cookie in our terminal with the above command (`-I` sends a `HEAD` request and prints only the response headers, which is where the `Set-Cookie` header appears). Alternatively, we can visit the above link in our web browser: the page shows the message "`check your cookies`", which means the server set a cookie and the browser stored it. How to view it depends on the browser. In Firefox, press `F12` to open a pane with the different developer tools (inspect mode etc.), open the tab named `Storage Option`, find the cookies stored in the browser, and click on the appropriate URL to see them.

**Flag:**

```
thm{91b1ac2606f36b935f465558213d7ebd}
```

#### Task 4

In the previous task we saw the cookies in our browser. Now our task is to change the cookie value to "`flagpls`" and then send a `GET` request to the `/ctf/sendcookie` endpoint. To change the cookie in the browser, just double-click the cookie value and change it in your `developers tool/Storage Options`. To make the request with a command-line tool such as `curl`, we can use the following command.

```bash
curl -H "Cookie: flagpls=flagpls" http://10.10.81.75:8081/ctf/sendcookie
```

**Alternative version:**

```bash
curl -b "flagpls=flagpls" http://10.10.160.195:8081/ctf/sendcookie
```

**Flag:**

```
thm{c10b5cb7546f359d19c747db2d0f47b3}
```
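The four requests above as one exchange, with both the client and the server side visible. This is an added example, not part of the room or the original write-up: it runs against a constructed local stand-in server on `127.0.0.1`, the flags are placeholders, and the cookie name `flag` and the helper names `request` and `run_ctf` are assumptions.

```python
import threading
from http.client import HTTPConnection
from http.cookies import SimpleCookie
from http.server import BaseHTTPRequestHandler
from socketserver import TCPServer

class Handler(BaseHTTPRequestHandler):  # constructed stand-in server, placeholder flags
    def reply(self, text, cookie=None):
        self.send_response(200)
        if cookie:
            self.send_header("Set-Cookie", cookie)
        self.end_headers()
        self.wfile.write(text.encode())

    def do_GET(self):
        jar = SimpleCookie(self.headers.get("Cookie", ""))
        sent = jar["flagpls"].value if "flagpls" in jar else None
        if self.path == "/ctf/get":
            self.reply("PLACEHOLDER_FLAG_1")
        elif self.path == "/ctf/getcookie":  # cookie name "flag" is an assumption
            self.reply("check your cookies", cookie="flag=PLACEHOLDER_FLAG_3")
        elif self.path == "/ctf/sendcookie" and sent == "flagpls":
            self.reply("PLACEHOLDER_FLAG_4")
        else:
            self.reply("no flag")

    def do_POST(self):
        body = self.rfile.read(int(self.headers.get("Content-Length", 0))).decode()
        ok = self.path == "/ctf/post" and body == "flag_please"
        self.reply("PLACEHOLDER_FLAG_2" if ok else "no flag")

def request(port, method, path, body=None, headers=None):
    conn = HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request(method, path, body=body, headers=headers or {})
    resp = conn.getresponse()
    return resp.read().decode(), resp.getheader("Set-Cookie")

def run_ctf():
    with TCPServer(("127.0.0.1", 0), Handler) as server:  # port 0 = any free port
        threading.Thread(target=server.serve_forever, daemon=True).start()
        port = server.server_address[1]
        form = {"Content-Type": "application/x-www-form-urlencoded"}  # curl --data default
        flags = [request(port, "GET", "/ctf/get")[0],
                 request(port, "POST", "/ctf/post", "flag_please", form)[0]]
        jar = SimpleCookie(request(port, "GET", "/ctf/getcookie")[1])  # parse Set-Cookie
        flags.append(jar["flag"].value)
        flags.append(request(port, "GET", "/ctf/sendcookie", None, {"Cookie": "flagpls=flagpls"})[0])
        no_cookie = request(port, "GET", "/ctf/sendcookie")[0]  # same path, no cookie
        server.shutdown()
    return flags, no_cookie
```

Calling `run_ctf()` returns the four placeholder flags in task order, plus the server's answer when `/ctf/sendcookie` is requested without the cookie.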


