TryHackMe – Web Fundamentals Mini CTF Walkthrough

Introduction

This mini CTF was part of the Web Fundamentals room and aims to let students practice their web skills with GET/POST requests and cookies.

Visiting the web server shows what the challenges are.

The first challenge requires performing a simple GET request to /ctf/get, which can be done with a basic curl command:

curl http://10.10.160.195:8081/ctf/get

The second one requires issuing a POST request to /ctf/post with “flag_please” as the data, which can be done with the following command:

curl -X POST -d "flag_please" http://10.10.160.195:8081/ctf/post

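The next challenge requires sending a request to /ctf/getcookie and reading back the cookies provided by the site. The -c option needs a file name for the cookie jar; passing "-" writes the jar to standard output:

curl -c - http://10.10.160.195:8081/ctf/getcookie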

Finally, the last one asks for a request to /ctf/sendcookie that provides a cookie named “flagplease” with a value of “flagplease”:

curl -b "flagpls=flagpls" http://10.10.160.195:8081/ctf/sendcookie
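
What the four curl commands above put on the wire, as an added example that is not part of the original walkthrough: a constructed local stand-in server and a client that repeats each request, plus one without the cookie. The names MiniCTF, request and run_challenges are hypothetical, and the server's replies and PLACEHOLDER flags are assumptions, not the room's real output.

```python
import threading
from http.client import HTTPConnection
from http.cookies import SimpleCookie
from http.server import BaseHTTPRequestHandler, HTTPServer

class MiniCTF(BaseHTTPRequestHandler):
    """Constructed local stand-in for the room's server; flags are placeholders."""
    def _reply(self, body, cookie=None):
        self.send_response(200)
        if cookie:
            self.send_header("Set-Cookie", cookie)  # what `curl -c` stores
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body.encode())

    def do_GET(self):
        if self.path == "/ctf/get":
            self._reply("PLACEHOLDER{get}")
        elif self.path == "/ctf/getcookie":
            self._reply("check your cookies", cookie="flag=PLACEHOLDER{cookie}")
        else:  # treated as /ctf/sendcookie: parse the Cookie header `curl -b` sends
            jar = SimpleCookie(self.headers.get("Cookie", ""))
            ok = "flagpls" in jar and jar["flagpls"].value == "flagpls"
            self._reply("PLACEHOLDER{sendcookie}" if ok else "cookie missing")

    def do_POST(self):  # the body is the raw string given to `curl -d`
        data = self.rfile.read(int(self.headers.get("Content-Length", 0))).decode()
        self._reply("PLACEHOLDER{post}" if data == "flag_please" else "wrong data")

    def log_message(self, *args): pass  # silence per-request logging

def request(port, method, path, body=None, headers=None):
    conn = HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request(method, path, body=body, headers=headers or {})
    resp = conn.getresponse()
    result = (resp.read().decode(), resp.getheader("Set-Cookie"))
    conn.close()
    return result  # (response body, Set-Cookie header or None)

def run_challenges():
    with HTTPServer(("127.0.0.1", 0), MiniCTF) as server:  # port 0 = any free port
        threading.Thread(target=server.serve_forever, daemon=True).start()
        port, cookie = server.server_address[1], {"Cookie": "flagpls=flagpls"}
        results = [request(port, "GET", "/ctf/get"),
                   request(port, "POST", "/ctf/post", body="flag_please"),
                   request(port, "GET", "/ctf/getcookie"),
                   request(port, "GET", "/ctf/sendcookie", headers=cookie),
                   request(port, "GET", "/ctf/sendcookie")]  # no cookie sent
        server.shutdown()
    return results
```

Calling run_challenges() returns one (body, Set-Cookie) pair per request, in the order the challenges appear above.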

Conclusion

These challenges are great for someone who is starting to learn web pentesting, or web requests in general, to understand how they work and, in the future, exploit them better.