My name is Aswin Govind: Cyber Security Trainer, Teacher, Penetration Tester, Bug Bounty Hunter.
TryHackMe created a room designed as a basic intro to how the web works.
It teaches you the basics of web applications.
It covers HTTP requests and responses, web servers and cookies, and then puts them all to use in a mini Capture the Flag at the end.
First you need to connect to the THM VPN.
I am not going to talk here about how to connect to the VPN, but there is a link given for that.
OK, let's move on.
Task 1 Introduction and objectives
Task 2 How do we load websites? Read all the material given there about Finding the server and Loading some content.
Task 3 More HTTP — Verbs and request formats and Task 4 Cookies, tasty!
Task 5 Mini CTF
Talking About that!
Time to put what you’ve learnt to use!
Deploy the machine
There’s a web server running on http://MACHINE_IP:8081. Connect to it and get the flags!
These are the challenges we want to check.
GET request. Make a GET request to the web server with path /ctf/get
POST request. Make a POST request with the body “flag_please” to /ctf/post
Get a cookie. Make a GET request to /ctf/getcookie and check the cookie the server gives you
Set a cookie. Set a cookie with name “flagpls” and value “flagpls” in your devtools and make a GET request to /ctf/sendcookie
#1 What’s the GET flag?
Make a GET request to the given URL using the browser.
Or you can run this command in a terminal: curl {machine_ip}:8081/ctf/get
#2 What’s the POST flag?
Check the hint and make a POST request using the curl command.
#3 What’s the “Get a cookie” flag?
The hint is: Get a cookie. Make a GET request to /ctf/getcookie and check the cookie the server gives you.
We can either run a curl command or view the cookie in the browser.
In the browser, go to the page http://YOUR-IP:8081/ctf/getcookie and press F12 (Chrome and Mozilla).
Check Application in Chrome.
Check Storage in Mozilla.
#4 What’s the “Set a cookie” flag?
We want to make a GET request. We can use the curl method or add the cookie using the Console in the browser.
curl command:
curl -v --cookie 'flagpls=flagpls' http://10.10.138.176:8081/ctf/sendcookie
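The four requests above, replayed against a local stand-in server so you can see what travels in the request body, the Set-Cookie response header and the Cookie request header. This is an added example, not code from the room or the original writeup: the MockCTF handler, the placeholder flag strings and the assumption that the flag arrives as the cookie value are all constructed for illustration.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed stand-in for the room's server: same four paths, placeholder flags.
class MockCTF(BaseHTTPRequestHandler):
    def _reply(self, body, cookie=None):
        self.send_response(200)
        if cookie:  # the server hands a cookie to the client via Set-Cookie
            self.send_header("Set-Cookie", cookie)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body.encode())

    def do_GET(self):
        sent = self.headers.get("Cookie", "")
        if self.path == "/ctf/getcookie":  # flag is delivered in Set-Cookie
            self._reply("check your cookies", "flag=PLACEHOLDER_COOKIE_FLAG")
        elif self.path == "/ctf/sendcookie":  # flag only if the Cookie header is right
            self._reply("PLACEHOLDER_SET_FLAG" if "flagpls=flagpls" in sent else "no cookie")
        else:
            self._reply("PLACEHOLDER_GET_FLAG" if self.path == "/ctf/get" else "not found")

    def do_POST(self):
        length = int(self.headers.get("Content-Length", 0))
        body = self.rfile.read(length).decode()  # what curl sends as the request body
        ok = self.path == "/ctf/post" and body == "flag_please"
        self._reply("PLACEHOLDER_POST_FLAG" if ok else "wrong body")

    def log_message(self, *args): pass  # keep the console quiet

def request(port, method, path, body=None, cookie=None):
    """Send one request; return (response body, Set-Cookie header or None)."""
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request(method, path, body=body, headers={"Cookie": cookie} if cookie else {})
    resp = conn.getresponse()
    out = (resp.read().decode(), resp.getheader("Set-Cookie"))
    conn.close()
    return out

def solve_all():
    server = HTTPServer(("127.0.0.1", 0), MockCTF)  # port 0 = any free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    port = server.server_address[1]
    steps = [("GET", "/ctf/get", None, None), ("POST", "/ctf/post", "flag_please", None),
             ("GET", "/ctf/getcookie", None, None), ("GET", "/ctf/sendcookie", None, "flagpls=flagpls")]
    results = {path: request(port, m, path, body, ck) for m, path, body, ck in steps}
    server.shutdown()
    server.server_close()
    return results
```

Calling solve_all() returns one (body, Set-Cookie) pair per path; only /ctf/getcookie carries a Set-Cookie value, and /ctf/sendcookie answers with its flag only because the client sent the Cookie header.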
Thank You.
More Writeups are coming soon.