Web Fundamentals

Typical ports for web servers would be:

  • 80 (http, non-encrypted, unsecure)

  • 443 (ssl / tls, encrypted / secure)

Popular Web Server examples:

  • Apache

  • Nginx

  • Microsoft's IIS

Web page content can consist of any of the following resources:

  • HTML (hyper text mark-up language)

  • CSS (Cascading style sheet)

  • Javascript / JSON (scripting language to handled client / backend events)

  • PHP

List of HTTP(S) Responses:

  • 100-199: Information

  • 200-299: Successes (200 OK is the "normal" response for a GET)

  • 300-399: Redirects (the information you want is elsewhere)

  • 400-499: Client errors (You did something wrong, like asking for something that doesn't exist)

  • 500-599: Server errors (The server tried, but something went wrong on their side)

Further reading Mozilla

For POST requests, this is the content that's sent to the server. For GET requests, a body is allowed but will mostly be ignored by the server. The response will also have a body. For GET requests, this is normally web content or information such as JSON. For POST requests, it may be a status message or similar.

Further reading on cookies

Task 5 - Mini CTF

  • GET request. Make a GET request to the web server with path /ctf/get

  • POST request. Make a POST request with the body "flag_please" to /ctf/post

  • Get a cookie. Make a GET request to /ctf/getcookie and check the cookie the server gives you

  • Set a cookie. Set a cookie with name "flagpls" and value "flagpls" in your devtools and make a GET request to /ctf/sendcookie

Task 5 - Flag1 - What's the get flag

For this, we are going to use curl. Deploy the machine, and use curl against whatever the address / system you are provided.

curl <ipaddress:port>/ctf/get

This should provide you the flag, as curl by default is essentially a GET request

Task 5 - Flag2 - What's the POST flag

From reading the information provided on TryHackMe we know that we can us the parameter of -X <type of request> to try and get different HTTP responses

For example:

curl -X POST <website>

The only thing is, when using POST is that we need to provide the information that we are POSTing to the site

curl -X POST -d <POST request / body> <website>

We find out that using the flag -d (data) will allow us to enter a body / request information for POST

So we can essentially do:

curl -X POST -d "flag_please" <website>

It's best to consult the man pages again for curl

After reading through it about 5 times I saw that -c takes a parameter for <filename>, and mentions that "Specify to which file you want curl to write all cookies after a completed operation."

curl -c <filename to write cookie to> <website> && cat <filename>

Again, RTFM, read the friendly manual. It will help, and only provide assistance along the way

We see the syntax is similar to below for "send-cookie"

curl -b "cookiename:cookievalue" <website>

We can also use -c <filename> to write the locally stored cookies out in conjuction with the -b switch

curl -b "flagpls=flagpls;" -c <filename> && cat <filename>