htb-Web Requests

HTTP

1)To get the flag, start the above exercise, then use cURL to download the file returned by '/download.php' in the server shown above.

curl IP/download.php

HTTP Requests and Responses

1) What is the HTTP method used while intercepting the request? (case-sensitive)

GET

2)Send a GET request to the above server, and read the response headers to find the version of Apache running on the server, then submit it as the answer. (answer format: X.Y.ZZ)

2.4.41

HTTP Headers

1)The server above loads the flag after the page is loaded. Use the Network tab in the browser devtools to see what requests are made by the page, and find the request to the flag.

curl 94.237.49.11:37693/flag_327a6c4304ad5938eaf0efb6cc3e53dc.txt 

GET

1)The exercise above seems to be broken, as it returns incorrect results. Use the browser devtools to see what is the request it is sending when we search, and use cURL to search for 'flag' and obtain the flag.

获取 Authorization

curl http://admin:admin@94.237.49.11:33285/

获取 flag

curl http://admin:admin@94.237.49.11:33285/search.php?search=flag -H 'Authorization:Basic YWRtaW46YWRtaW4='

POST

1) Obtain a session cookie through a valid login, and then use the cookie with cURL to search for the flag through a JSON POST request to '/search.php'

登录获取 cooike

curl 94.237.59.185:30323 -v -X POST -d 'username=admin&password=admin'

获取flag

curl http://94.237.49.11:54155/search.php -v -X POST -d '{"search":"flag"}' -b 'PHPSESSID=dojvjj2mb0fs6tptngf0estn4i' -H 'Content-Type: application/json'

CRUD API

更改

curl http://94.237.62.195:31837/api.php/city/Walsall -X PUT -d '{"city_name":"flag"}' -H 'Content-Type: application/json'

删除

curl http://94.237.62.195:31837/api.php/city/London -X DELETE

访问

curl http://94.237.62.195:31837/api.php/city/flag
posted @ 2023-10-22 11:50  kazie  阅读(249)  评论(0编辑  收藏  举报