Web request - get

Hello,
I will put this here just in case anyone needs it; I had quite some time finding the flag. Here’s a tip for solving this question:

The exercise above seems to be broken, as it returns incorrect results. Use the browser devtools to see what is the request it is sending when we search, and use cURL to search for ‘flag’ and obtain the flag;

When using curl to search for ‘flag’ to obtain the flag, we do:

(x69㉿X69HAK3R)-[~/Desktop/HACKTHEBOX/HTBacademy]
└─$ curl 'http://188.166.172.138:31178/search.php?search=flag' -H 'Authorization: Basic YWRtaW46YWRtaW4=' -i -v

This gives you the flag.
Cheers :hugs: I hope to post more help, as I can.

5 Likes

curl http://admin:admin@134.209.186.13:32271/search.php\?search\=flag -vvv works too

1 Like

Hi mate

I tried both the curl commands you mentioned but do not seem to have any luck. Just wondering what I am doing wrong, as I have it like this.

curl http://165.232.42.183:32206/search.php?search=flag -H Authorization: Basic YWRtaW46YWRtaW4= -i -v

curl http://admin:admin@http://165.232.42.183:32206//search.php?search=flag

Many Thanks

Kapz

1 Like


Worked for me: curl http://admin:admin@144.126.228.187:32708/search.php\?search\=flag

1 Like

Thanks, this did help.

I am using Firefox. After finding the request you are looking for by looking at the File category very carefully:
1 - you can just open the (Response) tab of the request in the Network section of the devtools
2 - you can right-click on the request and hit Copy as cURL, run it in your terminal, and there you are

Still not working for me

Question
How did you do this? Give me some guidance?

I find it funny that nowhere in the lesson does it tell you or hint at putting search=flag in the URL!!! That’s why people get confused. In order to do it correctly, this should be shown in the lesson.

When explained properly, people wouldn’t have an issue getting it.

Out of curiosity, I just wanted to know how it works, like, why do we have the correct output using curl and it doesn’t show anything via the browser? I’m trying to find anything related to this but nothing for now.

Hey guys, I’ve gone through the lesson and I think I understand it all.
I know what I’m supposed to be seeing when I search in the browser page we get taken to (search.php?search=flag), but instead I’m seeing what’s shown above.

Does anyone know what’s gone wrong or if I’m just an idiot and not seeing the obvious thing in front of me?

I’ve tried resetting both my pwnbox and machine already but neither thing helped so I’m wondering if I’ve just put in the wrong commands instead

Hey, everybody! :wave:

Does anyone know why this works only in cURL and is not displayed in the browser (DevTools)?

I want to get deeper into this topic.

Thanks in advance!

If you are using this format, curl [http://admin:admin@134.209.186.13:32271/search.php\?search\=flag]

do not include the escape characters.
Use this: curl http://admin:admin@134.209.186.13:32271/search.php?search=flag
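
Added example (not part of any post in this thread): a shell example showing that the `Authorization: Basic YWRtaW46YWRtaW4=` header and the `admin:admin@` URL form carry the same credentials, and how quoting and backslash escapes change what curl actually receives. `LAB_HOST` and the helper function names are assumptions; the commands are only printed, nothing is sent.

```shell
#!/bin/sh
# Added example. Builds the thread's two curl forms without sending anything.
# LAB_HOST is a placeholder (assumption): substitute your own lab IP:PORT.
LAB_HOST="127.0.0.1:8080"

# Basic auth is base64("user:password") placed in an Authorization header.
basic_header() {
    printf 'Authorization: Basic %s' "$(printf '%s:%s' "$1" "$2" | base64)"
}

# Reverse it: the header is an encoding of the credentials, not encryption.
decode_basic() {
    printf '%s' "${1#Authorization: Basic }" | base64 -d
}

# Report how many separate arguments the shell would hand to curl.
count_args() { echo "$#"; }

# Quoted header: curl receives -H plus ONE header string (2 arguments).
quoted_argc() { count_args -H "$(basic_header admin admin)"; }

# Unquoted header: word splitting yields -H, Authorization:, Basic, <token>
# (4 arguments), so the -H value is only "Authorization:" and the rest
# become extra arguments.
unquoted_argc() { count_args -H $(basic_header admin admin); }

# Unquoted URL: the shell consumes the backslashes before curl runs.
unquoted_url() { printf '%s\n' http://$LAB_HOST/search.php\?search\=flag; }

# Quoted URL: no escapes needed; this is the same string curl ends up with.
quoted_url() { printf '%s\n' "http://$LAB_HOST/search.php?search=flag"; }

# Escapes inside quotes are NOT consumed: curl receives literal backslashes.
escaped_in_quotes() { printf '%s\n' 'search.php\?search\=flag'; }

# Print (do not run) the two equivalent commands.
show_commands() {
    printf "curl -i '%s' -H '%s'\n" "$(quoted_url)" "$(basic_header admin admin)"
    printf "curl -i 'http://admin:admin@%s/search.php?search=flag'\n" "$LAB_HOST"
}
show_commands
```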