This room helps in understanding how the web works (basically HTTP requests and responses, web servers, and cookies).
Task 1: Introduction and objectives
Read the information given
Task 2: How do we load websites?
Summary:
A DNS request is made → resolves the domain name in the URL to an IP address
Some HTTP verbs are:
GET: It is used to retrieve data from a specified resource.
POST: It is used to send data to a resource, i.e. to create or update a resource.
DELETE: It deletes the specified resource.
a) What request verb is used to retrieve page content?
GET
b) What port do web servers normally listen on?
80
c) What’s responsible for making websites look fancy?
CSS
Task 3: More HTTP — Verbs and request formats
There are 9 different HTTP “verbs/methods”:
GET, POST, DELETE, PATCH, HEAD, PUT, CONNECT, OPTIONS, TRACE.
For more: https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods
a) What verb would be used for a login?
POST
b) What verb would be used to see your bank balance once you’re logged in?
GET
c) Does the body of a GET request matter? Yea/Nay
Nay
d) What’s the status code for “I’m a teapot”?
418
e) What status code will you get if you need to authenticate to access some content, and you’re unauthenticated?
401
Task 4: Cookies, tasty!
Cookies are sent with the HTTP request to the server. As HTTP is stateless, cookies are used to save relevant information. There are 3 types: session, tracking, and personalization. Each cookie has a name, a value, an expiry date, and a path.
Source: https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies
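The cookie exchange described above, as an added example that is not part of the original write-up or the room: a throwaway local server issues a cookie with Set-Cookie, and the client is refused with 401 until it sends the cookie back. The paths, the cookie name `session` and the value `abc123` are constructed for illustration.

```python
# Added example: Set-Cookie / Cookie round trip. Paths, cookie name and value are constructed.
import http.client
import threading
from http.cookies import SimpleCookie
from http.server import BaseHTTPRequestHandler, HTTPServer

class Handler(BaseHTTPRequestHandler):
    def do_GET(self):
        sent = SimpleCookie(self.headers.get("Cookie", ""))
        if self.path == "/getcookie":  # server hands out state for the client to store
            self.reply(200, "session=abc123; Path=/; Max-Age=60; HttpOnly")
        elif "session" in sent and sent["session"].value == "abc123":
            self.reply(200)  # the cookie is what identifies the returning client
        else:
            self.reply(401)  # HTTP is stateless: no cookie, no memory of the client

    def reply(self, status, set_cookie=None):
        self.send_response(status)
        if set_cookie:
            self.send_header("Set-Cookie", set_cookie)
        self.end_headers()

    def log_message(self, *args):  # keep the demo quiet
        pass

def get(port, path, cookie=None):
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request("GET", path, headers={"Cookie": cookie} if cookie else {})
    resp = conn.getresponse()
    conn.close()
    return resp.status, resp.getheader("Set-Cookie")

def round_trip():
    server = HTTPServer(("127.0.0.1", 0), Handler)  # port 0 = any free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    port = server.server_address[1]
    try:
        before = get(port, "/needcookie")[0]              # no cookie yet
        jar = SimpleCookie(get(port, "/getcookie")[1])    # parse Set-Cookie
        header = "; ".join(f"{n}={m.value}" for n, m in jar.items())
        after = get(port, "/needcookie", header)[0]       # cookie sent back
    finally:
        server.shutdown()
        server.server_close()
    return before, header, jar["session"]["path"], after

if __name__ == "__main__":
    print(round_trip())
```

Only the name and value go back in the Cookie header; attributes such as Path, Max-Age and HttpOnly stay on the client and control when the cookie is sent.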
Task 5: MiniCTF
a) What’s the GET flag?
thm{162520bec925bd7979e9ae65a725f99f}
Making a GET request to the web server with path /ctf/get
i.e. curl -X GET http://MACHINE_IP:8081/ctf/get
b) What’s the POST flag?
thm{3517c902e22def9c6e09b99a9040ba09}
Making a POST request to the web server with path /ctf/path and data “flag_please”
i.e. curl -X POST --data "flag_please" http://MACHINE_IP:8081/ctf/path
c) What’s the “Get a cookie” flag?
thm{91b1ac2606f36b935f465558213d7ebd}
using the -c flag
command used: curl http://10.10.63.82:8081/ctf/getcookie -c Cookie_store.txt
cat Cookie_store.txt
d) What’s the “Set a cookie” flag?
thm{c10b5cb7546f359d19c747db2d0f47b3}
using the --cookie flag
command used: curl http://10.10.63.82:8081/ctf/getcookie --cookie flagpls=flagpls
Source: https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies