Medium Live

POST Practice

40 points

5969 Solves

Web

Medium

intelagent (moderator, ctflearn++)

Community Rating: 4.36 / 5

This website requires authentication, via POST. However, it seems as if someone has defaced our site. Maybe there is still some way to authenticate? http://165.227.106.113/post.php

    • hamu96

      Protected

      [REDACTED] This comment is only shown to users who have solved this challenge.

      • karmanyaahm

        Protected

        [REDACTED] This comment is only shown to users who have solved this challenge.

    • karmanyaahm

      Protected

      [REDACTED] This comment is only shown to users who have solved this challenge.

  • Kur0

    this should be under easy

  • Theriphunters

    Protected

    [REDACTED] This comment is only shown to users who have solved this challenge.

  • UndercoverCop

    Protected

    [REDACTED] This comment is only shown to users who have solved this challenge.

  • thang_ngn

    Protected

    [REDACTED] This comment is only shown to users who have solved this challenge.

    • Srivathsan01

      Why isn't curl -u working? Is it necessary that, for this to work, the frontend must have a form which takes in username and password??

  • DeadPi

    Was a bit harder for a beginner but it finally worked.

  • Gj1197

    Good One. Really requiring to think out of the box.

  • FelixGB

    Protected

    [REDACTED] This comment is only shown to users who have solved this challenge.

    • FelixGB

      Didn't mean to protect my comment. I wrote "I think it's a bit too easy for medium."

    • Kacper_Shin

      It works all right. I had to add one header:

      Content-Type: application/x-www-form-urlencoded; charset=UTF-8
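
Added example, not part of the original thread or the challenge's own code: it contrasts what `curl -u` sends with what a form POST sends (Srivathsan01's question above) and shows why the Content-Type header in Kacper_Shin's comment matters. The server side is a simplified, assumed model of how PHP fills `$_POST`; the `username`/`password` field names come from the Python snippet posted further down this thread, and the credentials are constructed placeholders.

```python
import base64
from urllib.parse import parse_qs, urlencode

# Constructed placeholder credentials; the real ones are not shown on this page.
USER, PASSWORD = "demo_user", "demo_pass"
FORM = "application/x-www-form-urlencoded"


def basic_auth_request(user, password):
    """What `curl -u user:pass URL` sends: a GET with an Authorization header and no body."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return {"method": "GET", "headers": {"Authorization": f"Basic {token}"}, "body": b""}


def form_post_request(fields, content_type=FORM):
    """What `curl -d 'k=v&k2=v2' URL` sends: a POST with a URL-encoded body.
    curl -d sets the form Content-Type itself; other clients may need it set by hand."""
    body = urlencode(fields).encode()
    headers = {"Content-Length": str(len(body))}
    if content_type:
        headers["Content-Type"] = content_type
    return {"method": "POST", "headers": headers, "body": body}


def post_fields(request):
    """Simplified model (an assumption) of how PHP fills $_POST: only a POST whose
    Content-Type is a form type is parsed. multipart/form-data is left out here."""
    if request["method"] != "POST":
        return {}
    media_type = request["headers"].get("Content-Type", "").split(";")[0].strip().lower()
    if media_type != FORM:
        return {}
    return {k: v[-1] for k, v in parse_qs(request["body"].decode()).items()}


def server_accepts(request):
    """Hypothetical check that reads the credentials from POST fields only."""
    fields = post_fields(request)
    return fields.get("username") == USER and fields.get("password") == PASSWORD


if __name__ == "__main__":
    creds = {"username": USER, "password": PASSWORD}
    for label, req in [
        ("curl -u (Basic auth header)", basic_auth_request(USER, PASSWORD)),
        ("POST, text/plain body", form_post_request(creds, "text/plain")),
        ("POST, form body + charset", form_post_request(creds, FORM + "; charset=UTF-8")),
    ]:
        print(f"{label:28} -> accepted={server_accepts(req)}")
```
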

  • g10b0tta

    Protected

    [REDACTED] This comment is only shown to users who have solved this challenge.

  • hayderhasan

    Protected

    [REDACTED] This comment is only shown to users who have solved this challenge.

    • Herlok

      Protected

      [REDACTED] This comment is only shown to users who have solved this challenge.

      • zeropointsix

        Tried safari, seamonkey and mobile chrome. Doesn't seem like a browser issue

        • intelagent (moderator, ctflearn++)

          What happened when you tried to load the page? What does it say?

          • zeropointsix

            Like failed to connect to server or couldn’t access the site. I also tried a different internet provider; it loaded the page for a little bit longer, but still resulted in an error. I’ll try one more provider later. Could it be like a country issue?

            • intelagent (moderator, ctflearn++)

              It could be I guess but I doubt it. If it says something about POST data, that’s part of the challenge!

              • zeropointsix

                Finally got there by using VPN. TY for your attention!

  • bigcatfacilitator

    Protected

    [REDACTED] This comment is only shown to users who have solved this challenge.

  • Pamboli

    Protected

    [REDACTED] This comment is only shown to users who have solved this challenge.

  • mo999

    Protected

    [REDACTED] This comment is only shown to users who have solved this challenge.

    • Kationa

      Protected

      [REDACTED] This comment is only shown to users who have solved this challenge.

  • Jesser

    need more tutorials for beginners

  • tflo

    Protected

    [REDACTED] This comment is only shown to users who have solved this challenge.

  • hyperdrive_1

    it was a good challenge for me since I never used POST

  • hamu96

    Protected

    [REDACTED] This comment is only shown to users who have solved this challenge.

  • vidura

    I prefer curl, quick and easy.

  • btforeman33

    Protected

    [REDACTED] This comment is only shown to users who have solved this challenge.

  • AT3RM0N

    Hello. I want to say that at first the credentials I sent were correct and I didn't get the flag, and then I tried again with the exact same code and it worked. Probably a bug dunno, just letting you know

  • Fejcvk

    Too easy for a medium but it was lots of fun!

  • anansi

    I'm an absolute noob with POST and I have no idea what I'm doing. Tried cURL but am stuck. Can I get a hint?

  • anansi

    Finally, that took a while.

  • valutcizen

    Is "Sorry, the page you are looking for is currently unavailable. Please try again later." normal message in this task?

  • Loreno

    ```
    An error occurred. Sorry, the page you are looking for is currently unavailable. Please try again later.

    If you are the system administrator of this resource then you should check the error log for details.

    Faithfully yours, nginx.
    ```

    Is it normal?

  • Negatyw01

    Still don't know how it works and what the use of it is, but at least I'm aware that something like curl exists now. I need to learn more! :D

  • quido18

    just used firefox, nothing else

  • Kationa

    Couldn't get any response with curl, the connection gets timed out. Solved it with a browser, but now I wonder if my curl is broken or something X)

  • lisrec

    Should be at easy. It's just sending a request via Postman or any other tool. Compared with that task, the Injection task should be 'hard' (but it's actually tagged as easy).

  • c0conut

    Actually it's an easy for the hint is detailed

  • Shici

    Solving these is teaching me a lot very quickly, thank you for making them. P.S. this one should be put into easy

  • redman

    it is better to use burp suite

  • romance

    Protected

    [REDACTED] This comment is only shown to users who have solved this challenge.

  • rotgrip

    LIKE CSRF? I'm using a simple HTML script, and it WORKS :)

  • k1k9

    It's too easy for MEDIUM

  • mantis

    Should have a lower difficulty

  • rynloh

    I'm having issues connecting to the webserver. It's sending back a 502 and a generic nginx error page.

  • lucjanex

    Protected

    [REDACTED] This comment is only shown to users who have solved this challenge.

  • dark_sarcasm

    Tips: think about where in the page you can get the data to post; when you get it, investigate how the POST method works, and the other ones too since you are there. :D

  • B4B4TUND3

    Check the webpage's source code and use this link https://reqbin.com/req/yjok4snr

  • __Senku__

    took me a while to figure it out and used curl to get the flag

  • enkillerz

    Can anybody share a method other than the HTTP method using curl?

  • robert_dijk

    Protected

    [REDACTED] This comment is only shown to users who have solved this challenge.

  • ryxicare

    A good way for me as a beginner to explore alternative ways for POST!

  • John_Noob5

    Nice challenge, because of this challenge I started to learn something new.

  • AntonioCaesar

    i have to go to my school login page to intercept the post body

  • ankitmawle

    https://www.codepunker.com/tools/http-requests

  • d3b0unce

    this should be correctly labelled as Easy

  • miker2808

    Protected

    [REDACTED] This comment is only shown to users who have solved this challenge.

  • 4L0n3

    Anyone can give me some hints

    • dimuthsakya

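      ```python
      import requests as req

      url = "http://165.227.106.113/post.php"
      # Credentials were censored by the commenter
      data = {"username": "<censored>", "password": "<censored>"}
      # data= sends the dict as an application/x-www-form-urlencoded POST body
      res = req.post(url, data=data)
      print(res.status_code)
      print(res.text)
      ```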

  • imanthoc

    Protected

    [REDACTED] This comment is only shown to users who have solved this challenge.

    • AgungB

      Protected

      [REDACTED] This comment is only shown to users who have solved this challenge.

  • SHaNTuDe

    I like that one, but honestly some Easy ones took me more time

  • WiMaH

    i used powershell to do this..

  • dimuthsakya

    Protected

    [REDACTED] This comment is only shown to users who have solved this challenge.

  • dimuthsakya

    made simple python program

    ```python
    import requests as req

    url = "http://165.227.106.113/post.php"
    # Credentials were censored by the commenter
    data = {"username": "<censored>", "password": "<censored>"}
    # data= sends the dict as an application/x-www-form-urlencoded POST body
    res = req.post(url, data=data)
    print(res.status_code)
    print(res.text)
    ```

  • alifurkany

    By the way, -D dumps header to file, -d specifies data

  • alifurkany

    Protected

    [REDACTED] This comment is only shown to users who have solved this challenge.

  • LukeSkywalker

    It was faster than the blind SQL injection of the first level.