Web Fundamentals - Write-up - TryHackMe

Information

Room

  • Name: Web Fundamentals
  • Profile: tryhackme.com
  • Difficulty: Easy
  • Description: Learn how the web works!

Web Fundamentals

Write-up

Overview

Install tools used in this WU on BlackArch Linux:

$ sudo pacman -S curl

Disclaimer: all the answers are well explained in the room description, so I won't detail them here.

How do we load websites?

What request verb is used to retrieve page content?

Answer: GET

What port do web servers normally listen on?

Answer: 80

What's responsible for making websites look fancy?

Answer: css

More HTTP - Verbs and request formats

What verb would be used for a login?

Answer: POST

What verb would be used to see your bank balance once you're logged in?

Answer: GET

Does the body of a GET request matter? Yea/Nay

Answer: nay

What's the status code for "I'm a teapot"?

Answer: 418

What status code will you get if you need to authenticate to access some content, and you're unauthenticated?

Answer: 401

Mini CTF

What's the GET flag?

Answer: thm{162520bec925bd7979e9ae65a725f99f}

curl -X GET http://10.10.205.207:8081/ctf/get

What's the POST flag?

Answer: thm{3517c902e22def9c6e09b99a9040ba09}

curl -X POST http://10.10.205.207:8081/ctf/post -d flag_please

What's the "Get a cookie" flag?

Answer: thm{91b1ac2606f36b935f465558213d7ebd}

curl -X GET http://10.10.205.207:8081/ctf/getcookie --head

What's the "Set a cookie" flag?

Answer: thm{c10b5cb7546f359d19c747db2d0f47b3}

curl -X GET http://10.10.205.207:8081/ctf/sendcookie -b 'flagpls=flagpls'
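
What the four curl commands above put on the wire, as an added example that is not part of the original write-up. The requests are written out as raw HTTP/1.1 bytes and sent to Stub, a constructed local echo server standing in for the room's machine; its replies, the stub.local host name and the flag=PLACEHOLDER cookie are assumptions.

```python
import socket, threading
from http.server import BaseHTTPRequestHandler, HTTPServer

class Stub(BaseHTTPRequestHandler):
    """Constructed local echo server (assumption): reports what it parsed."""
    def do_GET(self):
        body = self.rfile.read(int(self.headers.get("Content-Length", 0))).decode()
        seen = f"{self.command} {self.path} cookie={self.headers.get('Cookie')} body={body!r}"
        self.send_response(200)
        if self.path == "/ctf/getcookie":      # cookies arrive in a response header
            self.send_header("Set-Cookie", "flag=PLACEHOLDER")
        self.send_header("Content-Length", str(len(seen)))
        self.end_headers()
        self.wfile.write(seen.encode())
    do_POST = do_GET                           # same echo logic for POST
    def log_message(self, *args):
        pass                                   # silence per-request logging

def build_request(method, path, body=None, cookie=None):
    """Raw HTTP/1.1 bytes for what curl's -X, -d and -b options control."""
    # curl also sends User-Agent and Accept headers; left out here for brevity.
    lines = [f"{method} {path} HTTP/1.1", "Host: stub.local", "Connection: close"]
    if cookie:                                 # -b 'name=value'
        lines.append(f"Cookie: {cookie}")
    if body is not None:                       # -d data
        lines += ["Content-Type: application/x-www-form-urlencoded",
                  f"Content-Length: {len(body)}"]
    return "\r\n".join(lines).encode() + b"\r\n\r\n" + (body or "").encode()

def exchange(port, raw):
    """Send raw request bytes; return (response headers, response body)."""
    with socket.create_connection(("127.0.0.1", port)) as sock:
        sock.sendall(raw)
        data = b"".join(iter(lambda: sock.recv(4096), b""))
    head, _, body = data.partition(b"\r\n\r\n")
    headers = dict(line.split(": ", 1) for line in head.decode().split("\r\n")[1:])
    return headers, body.decode()

def run_all():
    """Replay the write-up's four requests against the stub."""
    server = HTTPServer(("127.0.0.1", 0), Stub)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    reqs = {"get": build_request("GET", "/ctf/get"),
            "post": build_request("POST", "/ctf/post", body="flag_please"),
            "getcookie": build_request("GET", "/ctf/getcookie"),
            "sendcookie": build_request("GET", "/ctf/sendcookie", cookie="flagpls=flagpls")}
    out = {name: exchange(server.server_port, raw) for name, raw in reqs.items()}
    server.shutdown()
    return out
```

Calling run_all() returns, for each request, the response headers and the stub's echo of what it received, so the Set-Cookie header, the Cookie header and the POST body can each be seen in isolation.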