Hi!
I triying to get flag WEB REQUESTS/ CRUD API
First, try to update any city’s name to be ‘flag’. Then, delete any city. Once done, search for a city named ‘flag’ to get the flag.
I try to list directories whith gobuster but not works ( no result) and i try to guess the php to list with force brute ( search.php, search.html…)the cities (no result )the web its blank and i dont know how to get more info about the target.
somebody can give me some clue? not solution please.
This is kind of a hard one to give a clue for. You should be able to list all of the cities without gobuster, the module mentions this:
curl -s http://<SERVER_IP>:<PORT>/api.php/city/ | jq
If you add a city named flag, then use that command you should see it listed.
For a slightly bigger push, almost a solution really, give this thread a read, he had similar issues:
Thx for the comment
The issue is
└──╼ [★]$ curl 206.189.115.160:30673/index.php -i
HTTP/1.1 200 OK
Date: Wed, 17 Aug 2022 13:54:36 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 0
Content-Type: text/html; charset=UTF-8
but
──╼ [★]$ curl 206.189.115.160:30673/api.php -i
HTTP/1.1 404 Not Found
Date: Wed, 17 Aug 2022 13:55:51 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 23
Content-Type: text/html; charset=UTF-8
the question is how to know the name of the php , it could be called search.php instead of api.php , however I don’t have a way to list the root .php.
Ohhhhhhh, I get it now. Sorry, I had misread your question. Yeah the assignment basically follows the same convention. The answer to your question is fuzzing.
Fuzzing for APIs will be covered in later modules if you are on the CBBH path.
The fuzzing with FFuF module will teach you to use a wordlist like the one found at: /opt/useful/SecLists/Discovery/Web-Content/api/objects.txt. Then try each word with a .php extension. And grep for something like incorrect table name. Hope this helps. I would tell you to continue on to the FFuF module, then come back to this.
-onthesauce
Thx, i wait the next module 