Takoma Park CTF 2017 - Method [50]
Methods
A couple of references are useful before solving this problem:
cURL, cURL Custom Request Method
Make the server give you the flag. Navigate to the problem page from here.
Author: Steven Su
If you open /description, it says:
Just a reminder --
Description: Make the server give you the flag. Use the problems page here.
Hint(s): I don't think you get it.
What if the hint is "Methods"?
Search Google for the keyword "curl method". The result is also linked in the reference list above.
"Curl offers a series of different http method calls that are prefixed with a X,
but also offers the same methods without. .."
$ man curl
------------------------------
-X, --request <command>
(HTTP) Specifies a custom request method to use when communicating with the HTTP server.
The specified request method will be used instead of the method otherwise used (which defaults to GET).
Read the HTTP 1.1 specification for details and explanations.
".. Read the HTTP 1.1 specification for details and explanations. .."
Gotcha: the specification's "Method Definitions" section:
9.2 OPTIONS
The OPTIONS method represents a request for information about the communication options available on
the request/response chain identified by the Request-URI. This method allows the client to determine
the options and/or requirements associated with a resource, or the capabilities of a server, without
implying a resource action or initiating a resource retrieval.
$ curl -v -X OPTIONS http://methods.tpctf.com/problem
* Trying 216.239.36.21...
* TCP_NODELAY set
* Connected to methods.tpctf.com (216.239.36.21) port 80 (#0)
> OPTIONS /problem HTTP/1.1
> Host: methods.tpctf.com
> User-Agent: curl/7.52.1
> Accept: */*
>
< HTTP/1.1 200 OK
< Content-Type: text/html; charset=utf-8
< Allow: OPTIONS, HEAD, DELETE, POST, GET
< Set-Cookie: session=eyJfcGVybWFuZW50Ijp0cnVlfQ.DQbMIQ.SfayDRGmnWjClUgFA2NFacuZE1k; Expires=Mon, 04-Dec-2017 12:28:01 GMT; HttpOnly; Path=/
< X-Cloud-Trace-Context: 8dbfa914635c133965368a49b20c74ae;o=1
< Date: Mon, 04 Dec 2017 12:08:01 GMT
< Server: Google Frontend
< Content-Length: 0
< Expires: Mon, 04 Dec 2017 12:08:01 GMT
< Cache-Control: private
<
* Curl_http_done: called premature == 0
* Connection #0 to host methods.tpctf.com left intact
The Allow header in the response lists the methods the server accepts: OPTIONS, HEAD, DELETE, POST, GET.
Try them one by one.
$ curl -v -X DELETE http://methods.tpctf.com/problem
* Trying 216.239.32.21...
* TCP_NODELAY set
* Connected to methods.tpctf.com (216.239.32.21) port 80 (#0)
> DELETE /problem HTTP/1.1
> Host: methods.tpctf.com
> User-Agent: curl/7.52.1
> Accept: */*
>
< HTTP/1.1 200 OK
< Content-Type: text/html; charset=utf-8
< Set-Cookie: session=eyJfcGVybWFuZW50Ijp0cnVlfQ.DQbNMg.pk56_H3QtirwqwlYgbgyDOhdqD4; Expires=Mon, 04-Dec-2017 12:32:34 GMT; HttpOnly; Path=/
< X-Cloud-Trace-Context: 95b0ec410e3b4bd9d005b454e686609d;o=1
< Date: Mon, 04 Dec 2017 12:12:34 GMT
< Server: Google Frontend
< Content-Length: 58
< Expires: Mon, 04 Dec 2017 12:12:34 GMT
< Cache-Control: private
<
* Curl_http_done: called premature == 0
* Connection #0 to host methods.tpctf.com left intact
Flag: tpctf{so_post_and_get_are_not_the_only_http_methods}
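The same OPTIONS-then-try-each-method walk, as an added example that is not part of the original write-up: it reads the Allow header and records the status and body length returned for every advertised method, so a handler that answers differently from GET stands out. The local server, the `SECRET` placeholder and the function names are constructed for the example; only the Allow list and the `/problem` path come from the output above.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

ALLOW = "OPTIONS, HEAD, DELETE, POST, GET"  # the list returned in the output above
SECRET = b"constructed-secret\n"            # placeholder body, not the real flag

class Handler(BaseHTTPRequestHandler):  # constructed local stand-in server
    def _reply(self, body=b"", allow=None):
        self.send_response(200)
        if allow:
            self.send_header("Allow", allow)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        if self.command != "HEAD":  # HEAD responses carry headers only
            self.wfile.write(body)
    def do_OPTIONS(self):
        self._reply(allow=ALLOW)
    def do_GET(self):
        self._reply(b"nothing here\n")
    do_HEAD = do_POST = do_GET
    def do_DELETE(self):  # the one handler that answers differently
        self._reply(SECRET)
    log_message = lambda self, *args: None  # silence per-request logging

def send(host, port, method, path):
    """Send one request and return (status, Allow header, body length)."""
    conn = http.client.HTTPConnection(host, port, timeout=5)
    conn.request(method, path)
    resp = conn.getresponse()
    result = (resp.status, resp.getheader("Allow", ""), len(resp.read()))
    conn.close()
    return result

def probe(host, port, path):
    """OPTIONS first, then map each method in Allow to (status, body length)."""
    _, allow, _ = send(host, port, "OPTIONS", path)
    methods = [m.strip().upper() for m in allow.split(",") if m.strip()]
    return {m: send(host, port, m, path)[::2] for m in methods}

def demo():
    with HTTPServer(("127.0.0.1", 0), Handler) as server:  # port 0 = any free port
        threading.Thread(target=server.serve_forever, daemon=True).start()
        try:
            return probe("127.0.0.1", server.server_port, "/problem")
        finally:
            server.shutdown()

if __name__ == "__main__":
    print(demo())
```

Run against a route you operate, the per-method sizes show at a glance which verbs reach a handler that returns something GET does not.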