Hello,
I will put this here just in case anyone needs it; I spent quite some time finding the flag. Here’s a tip for solving this question:
The exercise above seems to be broken, as it returns incorrect results. Use the browser devtools to see what is the request it is sending when we search, and use cURL to search for ‘flag’ and obtain the flag;
When using curl to search for ‘flag’ to obtain the flag, we do:
I am using Firefox. After finding the request you are looking for by looking at the file category very well:
1 - you can just open the (Response) tab of the request in the Network section of the devtools
2 - you can right-click on the request and hit Copy as cURL, run it in your terminal, and there you are
I find it funny that nowhere in the lesson does it tell you or hint at putting search=flag in the URL!!! That’s why people get confused. In order to do it correctly, this should be shown in the lesson.
Out of curiosity, I just wanted to know how it works: why do we get the correct output using curl when it doesn’t show anything via the browser? I’m trying to find anything related to this but nothing for now.
Hey guys, I’ve gone through the lesson and I think I understand it all.
I know what I’m supposed to be seeing when I search in the browser page we get taken to (search.php?search=flag), but instead I’m seeing what’s shown above.
Does anyone know what’s gone wrong or if I’m just an idiot and not seeing the obvious thing in front of me?
I’ve tried resetting both my pwnbox and machine already but neither thing helped, so I’m wondering if I’ve just put in the wrong commands instead.
Hello everyone, the question clearly asks to do it in the DevTools and not in curl, so going with that, you enter the IP and press F12 for the DevTools to show up. After that, refresh the page so you can see all the requests and responses pop up, then click the GET Flag request, which opens a window on the right, then hover over the Response tab and you can see your answer.
It seems that the issue is with the way the path and query are entered.
You have entered - http://165.232.42.183:32206/search.php?search=flag which may result in an error such as "curl: (3) URL using bad/illegal format or missing URL".
Correct URL format would be http://165.232.42.183:32206/search.php\?search\=flag