Web Fundamentals Room WriteUp

This is my write-up for the Web Fundamentals room on TryHackMe.

This room is a walkthrough-type room.

I will not go deep into why the answer is "x" or "y"; understanding what the room is trying to teach you is your job.


Task 1 - Introduction and objectives

  • No answer needed for this task

Task 2 - How do we load websites

  • What request verb is used to retrieve page content? - GET

  • What port do web servers normally listen on? - 80

  • What's responsible for making websites look fancy? - CSS

Task 3 - More HTTP-Verbs and request formats

  • What verb would be used for a login? - POST

  • What verb would be used to see your bank balance once you're logged in? - GET

  • Does the body of a GET request matter? Yea/Nay - Nay

  • What's the status code for "I'm a teapot"? - 418

  • What status code will you get if you need to authenticate to access some content, and you're unauthenticated? - 401

Task 4 - Cookies, tasty!

  • No answer needed for this task

Task 5 - Mini CTF

  • Let's start the machine and get all 4 flags, shall we?

  • We are going to use curl to get all the flags.

  • Flag 1 :

curl -X GET http://10.10.213.245:8081/ctf/get

  • You can run curl --help all to see how curl works. The -X flag specifies the request command to use, which means -X GET tells curl that we are going to use a GET request for this URL. Or just use -G.

curl -G http://10.10.213.245:8081/ctf/get

  • Flag 2 :

curl -X POST -d "flag_please" http://10.10.213.245:8081/ctf/post

  • Again, to understand what the -d flag does, you can run curl --help all. I will leave that for you to figure out by yourself instead of me explaining everything :D

  • Flag 3 :

curl -c cookie -G http://10.10.213.245:8081/ctf/getcookie
  • cat the contents of the cookie file you just created to get the flag.

  • Flag 4 :

curl --cookie "flagpls=flagpls" -G http://10.10.213.245:8081/ctf/sendcookie

Or

curl -b "flagpls=flagpls" -G http://10.10.213.245:8081/ctf/sendcookie
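
The four requests above, replayed against a local stand-in server so the GET, POST body, Set-Cookie and Cookie mechanics can be seen offline. This is an added example, not part of the original write-up or the room: the server's behaviour, the cookie name `flag` and the flag values are constructed assumptions; only the paths, the POST body and the `flagpls=flagpls` cookie come from the commands above.

```python
# Added example: local stand-in for the room's /ctf/* endpoints (flags are placeholders).
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

class CTF(BaseHTTPRequestHandler):
    def reply(self, text, cookie=None, status=200):
        self.send_response(status)
        if cookie:
            self.send_header("Set-Cookie", cookie)  # what curl -c saves to a file
        self.end_headers()
        self.wfile.write(text.encode())

    def do_GET(self):
        if self.path == "/ctf/get":
            self.reply("FLAG1_PLACEHOLDER")
        elif self.path == "/ctf/getcookie":
            self.reply("check your cookies", cookie="flag=FLAG3_PLACEHOLDER")
        elif self.path == "/ctf/sendcookie":
            ok = self.headers.get("Cookie") == "flagpls=flagpls"  # curl -b / --cookie
            self.reply("FLAG4_PLACEHOLDER" if ok else "no cookie, no flag")
        else:
            self.reply("not found", status=404)

    def do_POST(self):
        data = self.rfile.read(int(self.headers.get("Content-Length", 0))).decode()
        ok = self.path == "/ctf/post" and data == "flag_please"  # curl -d body
        self.reply("FLAG2_PLACEHOLDER" if ok else "wrong body")

    def log_message(self, *args): pass  # keep the demo output quiet

def request(port, method, path, body=None, headers=None):
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request(method, path, body=body, headers=headers or {})
    resp = conn.getresponse()
    return resp.read().decode(), resp.getheader("Set-Cookie")

def run_demo():
    with HTTPServer(("127.0.0.1", 0), CTF) as server:  # port 0 = any free port
        threading.Thread(target=server.serve_forever, daemon=True).start()
        port = server.server_port
        out = {
            "get": request(port, "GET", "/ctf/get"),
            "post": request(port, "POST", "/ctf/post", body="flag_please"),
            "getcookie": request(port, "GET", "/ctf/getcookie"),
            "sendcookie": request(port, "GET", "/ctf/sendcookie", headers={"Cookie": "flagpls=flagpls"}),
            "nocookie": request(port, "GET", "/ctf/sendcookie"),
        }
        server.shutdown()
    return out
```

Each value returned by run_demo() is a (body, Set-Cookie header) pair, so the getcookie entry shows the flag arriving in a response header rather than in the body.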