0

I'm doing a basic CTF at the moment. Using,

GET / HTTP/1.1

Host: subdomain.domain.com

I am getting the response:

<a href="/c98efc0d-5c3f-45ec-996a-2cb82d35ed26.html">follow this link to get easy flag (manual work)</a>
<a href="/deep/">follow this link to get harder flag (automatic work)</a>
<a href="/calculator/">follow this link to visit human calculator</a>

Now I assumed to find the flags, I would change my GET requests to the following:

GET /c98efc0d-5c3f-45ec-996a-2cb82d35ed26.html HTTP/1.1

Host: subdomain.domain.com

Result from this request

and

GET /deep/ HTTP/1.1

Host: subdomain.domain.com

Result from this request

What am I missing here?

Improve this question
2
  • The fact that the first link is full of numbers and have no letter apart from A B C D E F, and that the harder one is short till it leads to some seeming random letters make me think that the point of the CTF is to decipher the first link and to decipher the rest of the /deep/ page (Maybe using the first flag as a Vigenere Cipher key ?), perhaps "human calculator" is a clue or a help on how to do so. Commented Jun 5, 2020 at 12:28
  • 1
    keep following the href links. Commented Jun 11, 2020 at 7:36

1 Answer 1

Reset to default
2

Since GET /c98efc0d-5c3f-45ec-996a-2cb82d35ed26.html HTTP/1.1 returns a 400 Forbidden, but an href link before the header, you should follow those hyperlinks.

You are on the right way by using CURL or similar instead of a normal browser as a normal browser would show a 400 Forbidden screen but not the link that was sent to it before.

Just write a small script that will follow those requests while there is a link in the response. If you post the actual link of the CTF we might be able to give more specific answers.

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.