CTFlearn - Don't Bump Your Head(er) (#109)
2024-04-30 17:13:44

Challenge site

https://ctflearn.com/challenge/109

Problem

Try to bypass my security measure on this site! http://165.227.106.113/header.php

Solution

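Opening the developer tools (F12) shows that the page says we are not using the correct UA, and the source contains the comment <!-- Sup3rS3cr3tAg3nt -->, so we use that value as our UA.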

curl -L 'http://165.227.106.113/header.php' -H 'User-Agent: Sup3rS3cr3tAg3nt'

The response now says: Sorry, it seems as if you did not just come from the site, "awesomesauce.com". So we also need to add a Referer header.

curl -L 'http://165.227.106.113/header.php' -H 'User-Agent: Sup3rS3cr3tAg3nt' -H 'Referer: awesomesauce.com'

And with that we get the flag!
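
Both requests succeed because User-Agent and Referer are ordinary request headers chosen by the client, so a check on them proves nothing about who is asking. As an added example (not the challenge's actual server code, whose logic is assumed here), the Python below models that header gate next to a check that requires a server-issued HMAC token; `header_gate`, `issue_token`, `token_gate` and the user name `alice` are hypothetical names.

```python
import hashlib
import hmac
import secrets

# Header values taken from the write-up above.
EXPECTED_UA = "Sup3rS3cr3tAg3nt"
EXPECTED_REFERER = "awesomesauce.com"


def header_gate(headers):
    """Assumed model of the challenge's check: trusts two client-set headers."""
    if headers.get("User-Agent") != EXPECTED_UA:
        return "wrong-user-agent"
    if headers.get("Referer") != EXPECTED_REFERER:
        return "wrong-referer"
    return "granted"


def issue_token(key, user):
    """Server side: bind a user name to an HMAC only the key holder can compute."""
    mac = hmac.new(key, user.encode(), hashlib.sha256).hexdigest()
    return f"{user}.{mac}"


def token_gate(headers, key):
    """Hardened check: ignores UA/Referer and requires a valid server-issued token."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    user, _, mac = token.rpartition(".")
    if scheme != "Bearer" or not user:
        return "denied"
    expected = hmac.new(key, user.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison on bytes, so odd header bytes cannot raise.
    ok = hmac.compare_digest(mac.encode(), expected.encode())
    return "granted" if ok else "denied"


# Constructed sample requests (not captured traffic).
SPOOFED = {"User-Agent": EXPECTED_UA, "Referer": EXPECTED_REFERER}
KEY = secrets.token_bytes(32)  # never leaves the server

if __name__ == "__main__":
    print(header_gate({"User-Agent": "curl/8.0"}))  # default client is refused
    print(header_gate(SPOOFED))                     # copied headers pass the gate
    print(token_gate(SPOOFED, KEY))                 # same headers, no token
    good = {"Authorization": "Bearer " + issue_token(KEY, "alice")}
    print(token_gate(good, KEY))                    # token issued by the server
```
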

Final answer

Here is your flag: flag{did_this_m3ss_with_y0ur_h34d}