HTTP
1) To get the flag, start the above exercise, then use cURL to download the file returned by '/download.php' in the server shown above.
curl IP/download.php
HTTP Requests and Responses
1) What is the HTTP method used while intercepting the request? (case-sensitive)
GET
2) Send a GET request to the above server, and read the response headers to find the version of Apache running on the server, then submit it as the answer. (answer format: X.Y.ZZ)
2.4.41
HTTP Headers
1) The server above loads the flag after the page is loaded. Use the Network tab in the browser devtools to see what requests are made by the page, and find the request to the flag.
curl 94.237.49.11:37693/flag_327a6c4304ad5938eaf0efb6cc3e53dc.txt
GET
1) The exercise above seems to be broken, as it returns incorrect results. Use the browser devtools to see what is the request it is sending when we search, and use cURL to search for 'flag' and obtain the flag.
Get the Authorization header
curl http://admin:admin@IP:33285/
Get the flag
curl 'http://admin:admin@IP:33285/search.php?search=flag' -H 'Authorization:Basic YWRtaW46YWRtaW4='
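The value after 'Basic' in the command above is only the base64 encoding of 'admin:admin', so anyone who can see the request over plain http:// can recover the credentials. The POSIX shell functions below are an added example, not part of the original write-up; the function names are hypothetical, and a base64 utility that accepts -d is assumed.

```shell
#!/bin/sh
# Added example: build and decode an HTTP Basic Authorization header (RFC 7617).
# Function names are hypothetical; assumes a base64 utility that accepts -d.

# basic_auth_header USER PASS
# Prints the header curl generates for http://USER:PASS@host/
basic_auth_header() {
    # tr removes the line wraps that base64 inserts on long input
    printf 'Authorization: Basic %s\n' \
        "$(printf '%s:%s' "$1" "$2" | base64 | tr -d '\n')"
}

# decode_basic_header 'Authorization:Basic <token>'
# Prints "user<TAB>password"; returns 1 if it is not a well-formed Basic header.
decode_basic_header() {
    value=${1#*:}                        # drop the "Authorization:" field name
    value=${value#"${value%%[! ]*}"}     # trim optional leading spaces
    case $value in
        [Bb][Aa][Ss][Ii][Cc]\ *) token=${value#* } ;;   # scheme is case-insensitive
        *) return 1 ;;                                  # Bearer, Digest, ...
    esac
    decoded=$(printf '%s' "$token" | base64 -d 2>/dev/null) || return 1
    case $decoded in
        *:*) ;;
        *) return 1 ;;                   # no colon: not user:password
    esac
    # Split on the first colon only: the password may contain colons itself.
    printf '%s\t%s\n' "${decoded%%:*}" "${decoded#*:}"
}

# The header used in the write-up decodes straight back to the login.
decode_basic_header 'Authorization:Basic YWRtaW46YWRtaW4='   # prints: admin<TAB>admin
```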
POST
1) Obtain a session cookie through a valid login, and then use the cookie with cURL to search for the flag through a JSON POST request to '/search.php'
Log in to get the cookie
curl 94.237.59.185:30323 -v -X POST -d 'username=admin&password=admin'
Get the flag
curl http://94.237.49.11:54155/search.php -v -X POST -d '{"search":"flag"}' -b 'PHPSESSID=dojvjj2mb0fs6tptngf0estn4i' -H 'Content-Type: application/json'
CRUD API
Update
curl http://94.237.62.195:31837/api.php/city/Walsall -X PUT -d '{"city_name":"flag"}' -H 'Content-Type: application/json'
Delete
curl http://94.237.62.195:31837/api.php/city/London -X DELETE
Read
curl http://94.237.62.195:31837/api.php/city/flag
From: https://www.cnblogs.com/IFS-/p/17780225.html