POST Practice
40 points Medium

This website requires authentication, via POST. However, it seems as if someone has defaced our site. Maybe there is still some way to authenticate? http://165.227.106.113/post.php

Flag
Rating 4.44
5
4
3
2
1

Discussion

you can solve it different ways i tried curl and running a python script in my terminal (wsl) and both worked and you can use burp-suite also or anything really or even using console in developer tools and making a js script . or even Using an HTML File making a button with a functional js on it so when clicked it'll grab the flag for you. The key here is To be creative solve it different ways and search and understand what you are doing

0

Decently easy

0

I just did it using Burp Repeater

0

dead ?

0

use cmd line tools :)

0

I was rather easy

0

I dont get it I'm using postman to send a POST with the paramaters for username and password but it just keeps sending back the source code. What POST data am I missing to submit?

0

I dont get it I'm using postman to send a POST with the paramaters for username and password but it just keeps sending back the source code.

0

I'm LOST, please help me, I'm new to this and have no idea what I'm doing

0

ok, I'm brand new to this and I'm either lucky as hell or normal lucky? I opened the source code and ctrl f typed password see what shows up, two lines shows up with curl and ones has find it for the password and the other has what seemingly is a password. one has .x for the ip other has .113 so I took the one with the "real" password and replaced the .x with the .113 and entered it into my VM and it worked... I solved it... but I have no idea what curl does or how it works. I just used random thoughts in my head that sprung from the super liquid I drank this morning? (water) thoughts?

0

Use this command curl "http://165.227.106.x/post.php" -d "username=admin&password=71urlkufpsdnlkadsf"

2

how?

0