siunam's Website

My personal website


GET aHEAD | Mar 3, 2023

Introduction

Welcome to another writeup of mine! In this picoGym challenge, you’ll learn about the HTTP HEAD method. Without further ado, let’s dive in.

Background

Author: madStacks

Description

Find the flag being held on this server to get ahead of the competition

http://mercury.picoctf.net:15931/

Find the flag

Home page:

View source page:

[...]
<form action="index.php" method="GET">
    <input type="submit" value="Choose Red"/>
</form>
[...]
<form action="index.php" method="POST">
    <input type="submit" value="Choose Blue"/>
</form>
[...]

Here we see there are 2 forms, and both submit to index.php: "Choose Red" sends a GET request and "Choose Blue" sends a POST request.

When we click those buttons, it’ll change the background color to red or blue:

Seems like nothing, right?

The challenge’s title contains a hint: the HTTP HEAD method.

The HTTP HEAD method requests the headers that would be returned if the HEAD request’s URL was instead requested with the HTTP GET method. For example, if a URL might produce a large download, a HEAD request could read its Content-Length header to check the filesize without actually downloading the file. (From Mozilla web docs)

Armed with the above information, we can use curl with the -I flag to send a HEAD request:

┌[siunam♥earth]-(~/ctf/picoGym/Web-Exploitation)-[2023.03.03|16:43:47(HKT)]
└> curl -I http://mercury.picoctf.net:15931/         
HTTP/1.1 200 OK
flag: picoCTF{r3j3ct_th3_du4l1ty_82880908}
Content-type: text/html; charset=UTF-8

We found the flag!
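The server-side lesson is that a HEAD handler should return exactly the headers GET would. As an added example (not part of the original writeup or the challenge's code), this check diffs response header names across methods; it runs against a constructed local stand-in server, and `DemoHandler`, the function names and the placeholder header value are all assumptions made for the demo:

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

class DemoHandler(BaseHTTPRequestHandler):
    """Constructed local stand-in for index.php; HEAD has its own code path."""
    def _reply(self, body=b"", extra=None):
        self.send_response(200)
        self.send_header("Content-Type", "text/html; charset=UTF-8")
        for name, value in (extra or {}).items():
            self.send_header(name, value)
        self.end_headers()
        self.wfile.write(body)

    def do_GET(self):
        self._reply(b"<body style='background:red'>")
    def do_POST(self):
        self._reply(b"<body style='background:blue'>")
    def do_HEAD(self):
        # The inconsistency: a header that GET and POST never send.
        self._reply(extra={"flag": "constructed-placeholder"})
    def log_message(self, *args):
        pass  # keep the demo quiet

def header_names(host, port, method):
    """Send one request and return the lower-cased response header names."""
    conn = http.client.HTTPConnection(host, port, timeout=5)
    try:
        conn.request(method, "/")
        resp = conn.getresponse()
        resp.read()
        return {name.lower() for name, _ in resp.getheaders()}
    finally:
        conn.close()

def method_only_headers(host, port, methods=("GET", "POST", "HEAD")):
    """Map each method to the headers it sends that are not common to all methods."""
    seen = {m: header_names(host, port, m) for m in methods}
    common = set.intersection(*seen.values())
    return {m: sorted(names - common) for m, names in seen.items()}

def run_demo():
    server = HTTPServer(("127.0.0.1", 0), DemoHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return method_only_headers("127.0.0.1", server.server_address[1])
    finally:
        server.shutdown()
        server.server_close()
```

Calling `run_demo()` returns an empty list for GET and POST and `['flag']` for HEAD, which is the kind of method-specific difference a regression test for your own handlers should fail on.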

What we’ve learned:

  1. HTTP HEAD method