TryHackMe — Web Fundamentals

Vaibhav Thukral
2 min read · Jun 13, 2021

[Task 1] Introduction and objectives

We’ll cover HTTP requests and responses, web servers, cookies and then put them all to use in a mini Capture the Flag at the end.

[Task 2] How do we load websites?

What request verb is used to retrieve page content?

Ans. The GET request verb is used to retrieve page content.

What port do web servers normally listen on?

Ans. Port 80.

What’s responsible for making websites look fancy?

Ans. CSS

[Task 3] More HTTP — Verbs and request formats

What verb would be used for a login?

Ans. The POST verb would be used for a login.

What verb would be used to see your bank balance once you’re logged in?

Ans. The GET verb would be used to see your bank balance.

Does the body of a GET request matter? Yea/Nay

Ans. Nay

What’s the status code for “I’m a teapot”?

Ans. 418

What status code will you get if you need to authenticate to access some content, and you’re unauthenticated?

Ans. 401

[Task 4] Cookies, tasty!

So what exactly are cookies? A cookie lets the server store data on the client and retrieve it later. It is kept in a file on the client side, contains only text (never executable code), cannot exceed 4K in size, and lets the server retain state with the client’s help, for things such as session management and user preferences.

Why cookies?

Because HTTP is stateless: every request you make over HTTP is treated independently.

  • “Independently” means the server does not retain state for clients.
  • You have to introduce yourself every time.

[Task 5] Mini CTF

Tasks

There’s a web server running on http://MACHINE_IP:8081. Connect to it and get the flags!

  • GET request. Make a GET request to the web server with path /ctf/get
  • POST request. Make a POST request with the body “flag_please” to /ctf/post
  • Get a cookie. Make a GET request to /ctf/getcookie and check the cookie the server gives you
  • Set a cookie. Set a cookie with name “flagpls” and value “flagpls” in your devtools (or with curl!) and make a GET request to /ctf/sendcookie

This is quite an easy walkthrough: you can use Burp Suite if you want, or you can simply follow their instructions.
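As an added example that is not part of the original write-up, the script below starts a constructed stand-in for the room’s server on localhost and drives all four tasks with the Python standard library only, so the GET, the POST body, the Set-Cookie header and the Cookie header can be seen without the TryHackMe machine. The FLAGS values and the handler are assumptions of this example, not the real room’s flags or code.

```python
import threading
from http import cookies
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.request import Request, urlopen
# Constructed stand-in flags; the room's real flags are not reproduced here.
FLAGS = {"get": "FLAG_GET", "post": "FLAG_POST", "cookie": "FLAG_COOKIE", "send": "FLAG_SEND"}

class CTFHandler(BaseHTTPRequestHandler):
    def _reply(self, body, extra_headers=()):
        self.send_response(200)
        for name, value in extra_headers:
            self.send_header(name, value)
        self.end_headers()
        self.wfile.write(body.encode())

    def do_GET(self):
        if self.path == "/ctf/get":
            self._reply(FLAGS["get"])
        elif self.path == "/ctf/getcookie":
            # Stateless server: it hands the client a cookie instead of remembering the client
            self._reply("cookie set", [("Set-Cookie", "flag=" + FLAGS["cookie"])])
        elif self.path == "/ctf/sendcookie":
            jar = cookies.SimpleCookie(self.headers.get("Cookie", ""))
            ok = "flagpls" in jar and jar["flagpls"].value == "flagpls"
            self._reply(FLAGS["send"] if ok else "no cookie")
        else:
            self.send_error(404)

    def do_POST(self):
        body = self.rfile.read(int(self.headers.get("Content-Length", 0))).decode()
        ok = self.path == "/ctf/post" and body == "flag_please"
        self._reply(FLAGS["post"] if ok else "wrong body")

def start_server():
    srv = HTTPServer(("127.0.0.1", 0), CTFHandler)  # port 0 picks a free port
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, "http://127.0.0.1:%d" % srv.server_address[1]

def fetch(url, method="GET", data=None, headers=None):
    req = Request(url, data=data, method=method, headers=headers or {})
    with urlopen(req) as resp:
        return resp.read().decode(), resp.headers.get("Set-Cookie")

def solve(base):
    get_flag, _ = fetch(base + "/ctf/get")
    post_flag, _ = fetch(base + "/ctf/post", "POST", b"flag_please")
    _, set_cookie = fetch(base + "/ctf/getcookie")
    cookie_flag = cookies.SimpleCookie(set_cookie)["flag"].value
    send_flag, _ = fetch(base + "/ctf/sendcookie", headers={"Cookie": "flagpls=flagpls"})
    return get_flag, post_flag, cookie_flag, send_flag
```

Run `start_server()` and pass the returned base URL to `solve()`; the same client calls, pointed at http://MACHINE_IP:8081, are what curl or the browser devtools do in the room.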

What’s the GET flag?

Ans. To find the GET flag, just visit the URL http://MACHINE_IP:8081/ctf/get and you will find the flag thm{162520bec925bd7979e9ae65a725f99f}

What’s the POST flag?

Ans. Using the command curl http://MACHINE_IP:8081/ctf/post -X POST --data "flag_please" you will get the flag thm{3517c902e22def9c6e09b99a9040ba09}

What’s the “Get a cookie” flag?

Ans. By opening Inspect Element you will find the cookie containing the flag thm{91b1ac2606f36b935f465558213d7ebd}

What’s the “Set a cookie” flag?

Ans. thm{c10b5cb7546f359d19c747db2d0f47b3}
