Hello,
I will put this here just in case anyone needs it; I spent quite some time finding the flag. Here’s a tip for solving this question:
The exercise above seems to be broken, as it returns incorrect results. Use the browser devtools to see what is the request it is sending when we search, and use cURL to search for ‘flag’ and obtain the flag;
When using curl to search for ‘flag’ to obtain the flag, we do:
I am using Firefox. After finding the request you are looking for by looking at the file category very well:
1 - you can just open the (Response) tab of the request in the Network section of the devtools
2 - you can right-click on the request and hit Copy as cURL, run it in your terminal, and here you are
I find it funny that nowhere in the lesson does it tell you or hint at putting search=flag in the URL!!! That’s why people get confused. In order to do it correctly, this should be shown in the lesson.
Out of curiosity, I just wanted to know how it works, like, why do we have the correct output using curl and it doesn’t show anything via the browser? I’m trying to find anything related to this but nothing for now.
Hey guys, I’ve gone through the lesson and I think I understand it all.
I know what I’m supposed to be seeing when I search in the browser page we get taken to (search.php?search=flag), but instead I’m seeing what’s shown above.
Does anyone know what’s gone wrong or if I’m just an idiot and not seeing the obvious thing in front of me?
I’ve tried resetting both my Pwnbox and machine already, but neither thing helped, so I’m wondering if I’ve just put in the wrong commands instead.