GET aHEAD Pico CTF Writeup

Introduction

This blog talks about how to solve the GET aHEAD challenge, which is one of the tasks in the picoCTF Web Exploitation section.

Solution

Here’s what you need to do: There’s a flag hidden on a server. You can access it through this link: http://mercury.picoctf.net:21939/ Just open the link in your web browser and use a Burp Suite tool to capture the requests and responses. That’s all!

Here’s what we’ve got: There are only 2 buttons on the app, and they change the page’s color when clicked. We’ve clicked both buttons and checked all the traffic captured so far in the tool, but nothing seems important.

The challenge name, “Get aHEAD,” seems like a clue. “HEAD” is a known HTTP method, so let’s try changing the method from “GET” to “HEAD” in one of the captured requests and see what response we get.

Here’s something interesting: The flag value is shown in the response.

Challenge completed. Thank you.

Conclusion

In conclusion, by carefully analyzing the application, experimenting with different HTTP methods, and inspecting the responses, we successfully solved the challenge. This experience underscores the importance of thorough investigation and creative problem-solving in cybersecurity tasks.


Share your love
Ads Blocker Image Powered by Code Help Pro

Ads Blocker Detected!!!

We have detected that you are using extensions or brave browser to block ads. Please support us by disabling these ads blocker.Our website is made possible by displaying Ads hope you whitelist our site. We use very minimal Ads in our site