Protected
[REDACTED] This comment is only shown to users who have solved this challenge.
Medium
Live
This website requires authentication, via POST. However, it seems as if someone has defaced our site. Maybe there is still some way to authenticate? http://165.227.106.113/post.php
First 10 Solvers
| Rank | Username |
|---|---|
| 1 | ross3102 |
| 2 | alexkato29 |
| 3 | emperorlepone |
| 4 | dknj11902 |
| 5 | 0xibram |
| Rank | Username |
|---|---|
| 6 | thanhbok26b |
| 7 | voidmercy |
| 8 | niclev20 |
| 9 | limyunkai19 |
| 10 | nandayo |
post aha!!!
Protected
[REDACTED] This comment is only shown to users who have solved this challenge.
Protected
[REDACTED] This comment is only shown to users who have solved this challenge.
-
Protected[REDACTED] This comment is only shown to users who have solved this challenge.
need more tutorials for beginners
Curl works fine and smooth but BURP did't work for me.
"these" should be corrected to "there"
-
Theseis correct in this case!
Protected
[REDACTED] This comment is only shown to users who have solved this challenge.
it was a good challenge for me since I never used POST
Protected
[REDACTED] This comment is only shown to users who have solved this challenge.
I prefer curl, quick and easy.
Easy challenge.
Protected
[REDACTED] This comment is only shown to users who have solved this challenge.
71urlkufpsdnlkadsf
Hello. I want to say that at first the credentials I sent were correct and I didn't get the flag, and then I tried again with the exact same code and it worked. Probably a bug dunno, just letting you know
i did it using python
Too easy for a medium but it was lots of fun!
I'm an absolute noob with POST and I have no idea what I'm doing. Tried cURL but am stuck. Can I get a hint?
Finally, that took a while.
Finally, that took a while.
Is "Sorry, the page you are looking for is currently unavailable. Please try again later." normal message in this task?
Doesn't work for me. I can only see the page with error message
Doesn't work for me. I can only see the page with error message
``` An error occurred. Sorry, the page you are looking for is currently unavailable. Please try again later.
If you are the system administrator of this resource then you should check the error log for details.
Faithfully yours, nginx. ```
Is it normal?
Still don't know how does it work and what is a use of it, but at least I'm aware of something like curl exists now. I need to learn more! :D
just used firefox, nothing else
Medium low
Couldn't get any response with curl, the connection gets timed out. Solved it with a browser, but now i wonder if my curl is broken or something X)
Should be at easy. It's just sending request via postman or any other tool. Comparing with that task, Injection task should be 'hard' (but it's actualy taged as easy).
Actually it's an easy for the hint is detailed
Solving these are teaching me alot very quickly thank you for making them. P.S this one should be put into easy
really? lol
Easy
easy one but nice job
good
it is better to use burp suite
Protected
[REDACTED] This comment is only shown to users who have solved this challenge.
I've learned how to use Burpsuite properly :)
jquery gang
LIKE CSRF ?, im using simple html script, and WORKS :)
Its too easy for MEDIUM
-
Como lo has conseguido no se hacer nada
Should have a lower difficulty
Should have a lower difficulty
I'm having issues connecting to the webserver. It's sending back a 502 and a generic nginx error page.
Protected
[REDACTED] This comment is only shown to users who have solved this challenge.
It was good!
Tips: think where in the page can you get de data to post, when you get it investigate how works the post method and other ones since you are there. :D
too ez
That was pretty cool!
it's easy
what a challenge!!!!!!!!!!!
Check the webpages source code and use this link https://reqbin.com/req/yjok4snr
just need notepad (and a browser)
took me a while to figure it out and used curl to get the flag
anybody can share other method then http method use curl
postman
this was easy
Protected
[REDACTED] This comment is only shown to users who have solved this challenge.
A good way for me as a beginner to explore alternative ways for POST!
i used curl.
nice challenge, because of this challenge i start learn something new.
why postman isn't legit anymore?
i have to go to my school login page to intercept the post body
https://www.codepunker.com/tools/http-requests
this should be correctly labelled as Easy
nice try
Protected
[REDACTED] This comment is only shown to users who have solved this challenge.
This is beginner friendly nice
Anyone can give me some hints
-
import requests as req url = "http://165.227.106.113/post.php" data = {"username":"<censored>","password":"<censored>"} res = req.post(url , data=data) print(res.status_code) print(res.text) python
curl is usefull although. :)
Protected
[REDACTED] This comment is only shown to users who have solved this challenge.
-
Protected[REDACTED] This comment is only shown to users who have solved this challenge.
I like that one, but honestly some Easy ones took me more time
F
easier than expected
i used powershell to do this..
I used Postman to solve this
I used Postman to solve this
I used Postman to solve this
so easy
Protected
[REDACTED] This comment is only shown to users who have solved this challenge.
made simple python program
import requests as req url = "http://165.227.106.113/post.php" data = {"username":"<censored>","password":"<censored>"} res = req.post(url , data=data) print(res.status_code) print(res.text)
made simple python program
import requests as req<br /> url = "http://165.227.106.113/post.php"<br /> data = {"username":"<censored>","password":"<censored>"}<br /> res = req.post(url , data=data)<br /> print(res.status_code)<br /> print(res.text)
Basic form encoded ;)
By the way, -D dumps header to file, -d specifies data
Protected
[REDACTED] This comment is only shown to users who have solved this challenge.
It was faster than the blind SQL injection of the first level.
WannaCry
Who used Python to do this
Necromancer
ok boomer
mrmoosti
:clown:
hamu96
[REDACTED] This comment is only shown to users who have solved this challenge.
karmanyaahm
[REDACTED] This comment is only shown to users who have solved this challenge.
karmanyaahm
[REDACTED] This comment is only shown to users who have solved this challenge.
Tanmay7
me
Kur0
this should be under easy
intelagent
Yep. Changing, thank you!
Kur0
cool! :)
Theriphunters
[REDACTED] This comment is only shown to users who have solved this challenge.
UndercoverCop
[REDACTED] This comment is only shown to users who have solved this challenge.
UndercoverCop
Where the hell to submit the flag?
thang_ngn
curl made this task easy :)
phuwn29
=)))) spoiler
thang_ngn
[REDACTED] This comment is only shown to users who have solved this challenge.
Srivathsan01
Why isn't curl -u working? Is it necessary that for this to work ,the frontend must have a form which takes in username and password??
DeadPi
Was a bit harder for a beginner but it finally worked.
Gj1197
Good One. Really requiring to think out of the box.
FelixGB
[REDACTED] This comment is only shown to users who have solved this challenge.
FelixGB
Didn't meant to protect my comment. I wrote "I think it's a bit too easy for medium."
intelagent
Could definitely be lowered by 10-20
mehedi1194
Why it not work with burpsuite ! ! !
Kacper_Shin
It works all right. I had to add one header:
g10b0tta
[REDACTED] This comment is only shown to users who have solved this challenge.
BradlyW
Cool little trick
hayderhasan
[REDACTED] This comment is only shown to users who have solved this challenge.
Herlok
[REDACTED] This comment is only shown to users who have solved this challenge.
zeropointsix
The link doesn't work for me
intelagent
working for me. What browser?
zeropointsix
Tried safari, seamonkey and mobile chrome. Doesn't seem like a browser issue
intelagent
What happened when you try load the page? What does it say?
zeropointsix
Like failed to connect to server or couldn’t access the site. I also tried different internet provider, it have been loading the page for a little bit longer, but still result in an error. I’ll try one more provider later. Could it be like country issue?
intelagent
It could be I guess but I doubt it. If it says something about POST data, that’s part of the challenge!
zeropointsix
Finally got there by using VPN. TY for your attention!