picoCTF — GET aHEAD

Vighnesh Srinivas
Jun 7, 2021

Hello Hackers,

Today we will solve the “Get aHEAD” challenge from picoCTF. This is a beginner-level/easy challenge based on web exploitation. Let’s dive right into it!

We see that there’s a link given to us. When we open the link, we are presented with a web page that changes its colour by pressing a button. So the background colour changes to red when you click on “choose red”, and it changes to blue when you click on “choose blue”.

Background — Red
Background — Blue

Since this page does not do anything else, we’ll have to look a bit deeper to see how to exploit this. Let’s take a look at the HTTP requests that the website sends when we click on each of the two buttons. To do this, we can use Burp Suite, a tool developed by PortSwigger that lets us manipulate HTTP requests and view their responses. It is the most widely used tool in web app testing. If you’re using Kali Linux, you will have it preinstalled; if you’re on some other Linux distro, you can download it from the PortSwigger website. Once you’ve downloaded, installed and configured it, click on the “choose red” button, intercept its request, and examine it. Now do the same for the “choose blue” button.

HTTP request for the red button
HTTP request for the blue button

As you can see, when we click on the red button, the browser sends a “GET” request. On the other hand, clicking the blue button sends a “POST” request. If you don’t know what these are, I highly recommend that you read up on HTTP methods. The “GET” method is used to retrieve a resource from the server, which in this case is the web page with the red background. “GET” requests do not have a message body; the request parameters are sent in the URL. The “POST” method is used to perform some kind of action, which in this case is to change the background colour to blue. A “POST” request has a message body where all the request parameters are passed.

Now that we know that the website uses a different HTTP method for each button, maybe we can change the method and get the flag. Let’s try changing the “GET” method to “HEAD”. We can do this by right-clicking on the HTTP request and selecting “send to repeater”. Then switch to the repeater tab and click on send. In the response panel, you can see the flag!

Flag

Congratulations on finding the flag!
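The walkthrough works because the server answers an unexpected method differently from the two methods its buttons use. The following is an added example, not code from this post or from picoCTF: a constructed local server with that pattern next to a handler that gives HEAD the same headers as GET. The class names, the `X-Debug` header and the secret value are assumptions made up for the illustration.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

SECRET = "constructed-secret-value"  # constructed placeholder, not a real flag


class LooseHandler(BaseHTTPRequestHandler):
    """Special-cases GET and POST; every other method hits a leftover branch."""
    def _handle(self):
        self.send_response(200)
        if self.command not in ("GET", "POST"):
            self.send_header("X-Debug", SECRET)  # only reachable off the expected paths
        self.end_headers()
        if self.command != "HEAD":  # HEAD responses carry headers only
            self.wfile.write(b"red" if self.command == "GET" else b"blue")

    do_GET = do_POST = do_HEAD = _handle

    def log_message(self, *args):  # silence per-request logging
        pass


class StrictHandler(LooseHandler):
    """HEAD mirrors GET's headers with no body; no method gets extra data."""
    def do_HEAD(self):
        self.send_response(200)
        self.end_headers()


def probe(handler_cls, method):
    """Send one request to a throwaway local server; return (status, X-Debug value)."""
    server = HTTPServer(("127.0.0.1", 0), handler_cls)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    conn = http.client.HTTPConnection("127.0.0.1", server.server_port, timeout=5)
    try:
        conn.request(method, "/")
        resp = conn.getresponse()
        resp.read()
        return resp.status, resp.getheader("X-Debug")
    finally:
        conn.close()
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    for cls in (LooseHandler, StrictHandler):
        print(cls.__name__, {m: probe(cls, m) for m in ("GET", "POST", "HEAD")})
```

Running the same probe over every method a route accepts, and comparing status and headers against the GET baseline, is a quick regression check for this class of bug.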

Happy Hacking!
