Challenge Description:-
Find the flag being held on this server to get ahead of the competition http://mercury.picoctf.net:47967/
Points: 20
The Walkthrough: –
The title of the challenge is interesting, the first instinct is that there is something hidden in the headers but let’s look at Hints
Hint 1: –
Maybe you have more than 2 choices
1 .Let’s look at the HTML source code for this:-
<div class="col-md-6">
<div class="panel panel-primary" style="margin-top:50px">
<div class="panel-heading">
<h3 class="panel-title" style="color:red">Red</h3>
</div>
<div class="panel-body">
<form action="index.php" method="GET">
<input type="submit" value="Choose Red"/>
</form>
</div>
</div>
</div>
<div class="col-md-6">
<div class="panel panel-primary" style="margin-top:50px">
<div class="panel-heading">
<h3 class="panel-title" style="color:blue">Blue</h3>
</div>
<div class="panel-body">
<form action="index.php" method="POST">
<input type="submit" value="Choose Blue"/>
</form>
</div>
</div>
</div>2. Check out tools like Curl , Burpsuite , ZAP to modify your HTTP requests and look at the responses
curl -I HEAD -i http://mercury.picoctf.net:47967/HTTP/1.1 200 OK
flag: picoCTF{r3j3ct_th3_du4l1ty_cca66bd3}
Content-type: text/html; charset=UTF-8The above curl request returns the flag.
The above Burp request returns the flag in response.