[pwn.college] Talking Web — 2
To access the challenge, enter cd /challenges to navigate to the folder that contains all the files required to solve the challenge, or type /challenge/run to run the challenge binary directly.
Level 13
This is where things get a bit interesting. In this level, we need to specify an argument while making an HTTP request using curl.
To solve this challenge, we need to know a little more about HTTP parameters. HTTP GET parameters are name-value pairs that are appended to the URL after a “?” sign and tell the server which resources are meant to be accessed. The name and value are always separated by an “=” sign.
Now that we know this, let us craft the query to access the resource.
The first part of the query is almost the same as before; we just need to append the parameter after a ?, which makes the query look like: curl http://localhost:80?a=.
Level 14
Let’s try to do this using netcat now.
This is again similar to the other netcat challenges. As usual, type nc localhost 80 and in the next line type GET /?a=.
Level 15
Moving on, let’s implement the same thing in Python now.
Now that we know how the parameters work, let us write a script by modifying the previous ones a bit.
import requests
data=requests.get('http://localhost/?a=<value_given>')
print(data.text)
Level 16
This set of challenges deals with passing multiple parameters in HTTP requests.
As you might have already noticed, the parameter b contains a space, & and #. Hence, we need to percent-encode these characters in order to build a valid query. The ASCII hex values for the three characters are:
Space — %20
& — %26
# — %23
Hence the request would look something like curl "http://localhost:80?a=17fb724ef08184eb6d7747830f526698&b=1dba13ad%2078f1814f%263d73d591%239b4b5917". The URL is quoted because the shell would otherwise treat the unquoted & as its background operator and cut the command off before b.
Level 17
Let’s try to send a request with multiple parameters using netcat.
The request looks quite similar to the one in the previous level. So as always, type nc localhost 80 and then in the next line enter GET /?a=5443f2808540ba4f95c90294beb9072c&b=54afb1de%208b79baa4%2672573ac2%23bbc59799.
Level 18
And now let’s try to do the same using Python.
Let’s go back to our Python script and modify the code a bit to send multiple parameters. The script looks like this:
import requests
data=requests.get('http://localhost/?a=fa1e445ca294440fe5c4dfe7d2c81544&b=1333036c%207f03ded2%261e3120c6%237ae93fab')
print(data.text)
Level 19
Things are starting to change a bit now. All this while we were working with GET requests; now we’ll try to make requests using the POST method. In very simple terms, we use the POST method to send data to the server while making a request, mostly for the purpose of storing it.
In this challenge, we need to use curl to make a POST request with the given parameter. To achieve this, we need to add flags to the usual curl request we made in the previous levels. The flag -X specifies the method to use, which defaults to GET if nothing is mentioned, and -d provides the value of the data. Keeping all this in mind, let us craft a query: curl http://localhost:80/ -X POST -d "a=".
Level 20
Now, we need to use the POST method to make a request using netcat.
For this challenge, we are going to approach it a bit differently: we write the whole request in a file and then pipe it to nc to make the POST request. We can create a new file using nano req and add the given content to it:
POST / HTTP/1.1
Host: localhost
Content-Length: 34
Content-Type: application/x-www-form-urlencoded

a=<value_provided>
Basically, we are defining the request method here and, very importantly, the type of content being sent, which has to accompany the request body. Make sure that the following line is present in the request: Content-Type: application/x-www-form-urlencoded. The empty line after the headers marks where the body begins, and Content-Length must match the length of the body in bytes (here 34, which is a= plus a 32-character value).
To send the request with nc, use the command cat req | nc localhost 80.
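The following is an added example, not part of the original write-up. It uses Python's standard library to reproduce the encoding from Level 16 and the raw POST request from Level 20, and shows what a server would parse if b were sent unencoded. The function names (encode_params, server_view, raw_post) are hypothetical helpers introduced for this illustration.

```python
from urllib.parse import parse_qs, quote, urlencode, urlsplit

# Values from Level 16 of this write-up, decoded back to their raw form.
PARAMS = {
    "a": "17fb724ef08184eb6d7747830f526698",
    "b": "1dba13ad 78f1814f&3d73d591#9b4b5917",
}

def encode_params(params):
    """Percent-encode each name and value. quote() emits %20 for a space
    (urlencode's default, quote_plus, would emit '+' instead)."""
    return urlencode(params, quote_via=quote)

def server_view(url):
    """Parameters a server would parse from the query string of `url`."""
    return parse_qs(urlsplit(url).query)

def raw_post(params, host="localhost"):
    """Raw POST request with the same headers as the Level 20 req file.
    Content-Length is computed from the encoded body, and the empty line
    (CRLF CRLF) separates the headers from the body."""
    body = encode_params(params).encode("ascii")
    head = (
        "POST / HTTP/1.1\r\n"
        f"Host: {host}\r\n"
        f"Content-Length: {len(body)}\r\n"
        "Content-Type: application/x-www-form-urlencoded\r\n"
        "\r\n"
    ).encode("ascii")
    return head + body

if __name__ == "__main__":
    # Naive string concatenation: '&' starts a new pair, '#' starts a fragment.
    naive = "http://localhost/?" + "&".join(f"{k}={v}" for k, v in PARAMS.items())
    safe = "http://localhost/?" + encode_params(PARAMS)
    print("unencoded:", server_view(naive))  # b is cut off at the '&'
    print("encoded:  ", server_view(safe))   # b arrives intact
    print(raw_post({"a": PARAMS["a"]}).decode())
```

The bytes returned by raw_post() can be written to the req file instead of typing the headers by hand, which avoids a Content-Length that does not match the body.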
Level 21
This is the final challenge for this post, where we need to make an HTTP POST request that includes form data using Python.
Here, we just need to make a small modification to the previous req.py file used in level 18. The important thing to note is that we need to use requests.post() instead of requests.get(), and in addition we need to use the data parameter to pass the form data (the request body) as a dictionary. The final script looks like:
import requests
data=requests.post('http://localhost/',data={'a':'727718b053b5596a7221f2a9e61e08dd'})
print(data.text)