{%hackmd Y7Gu-IQIQUWGHO_MeieqvQ %} # PRIVATE AGENT CYBERTALENTS WRITEUP The challenge was just requesting one to find the user-agent that will allow one acess the site. ![](https://i.imgur.com/aIafDaC.png) So after opening the site we see the following; ![](https://i.imgur.com/MW1PuPw.png) so at first i looked at the source code and saw nothing only to realise that at the bottom of it there was a commented line. I used the curl command and saw the user-agent ``` ┌──(c0d3x㉿pawn)-[~] └─$ curl http://wcamxwl32pue3e6meg23gk9h8z4km2360kxlcg30-web.cybertalentslabs.com/ <!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1"> <title>private-agent</title> <!-- Bootstrap --> <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u" crossorigin="anonymous"> <!-- HTML5 shim and Respond.js for IE8 support of HTML5 elements and media queries --> <!--[if lt IE 9]> <script src="https://oss.maxcdn.com/html5shiv/3.7.3/html5shiv.min.js"></script> <script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script> <![endif]--> </head> <body style="background-color:#222831;"> <div style="text-align:center;"><img style="height:350px;" src="https://media.giphy.com/media/3HqPTBUMM2eXe/giphy.gif" alt="look for private agent"></div><br><br> <h1 style="color:red;text-align:center;"> Sorry , Private agent only can get in \!</h1> <!-- jQuery (necessary for Bootstrap's JavaScript plugins) --> <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js"></script> <!-- Include all compiled plugins (below), or include individual files as needed --> <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js" integrity="sha384-Tc5IQib027qvyjSMfHjOMaLkfuWVxZxUPnCJA7l2mCWNIpG9mGCD8wGNIcPD7Txa" crossorigin="anonymous"></script> <script> </script> </body> </html> <!-- TO_Be_Removed => Privet-Agent access => givittome--> ``` We can see the user agent *givittome* , so we have to change our user agent to that we can do this by using burpsuite or curl but i prefer curl, its kinda geeky ;). ``` ┌──(c0d3x㉿pawn)-[~] └─$ curl http://wcamxwl32pue3e6meg23gk9h8z4km2360kxlcg30-web.cybertalentslabs.com/ -A "givittome" <!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1"> <title>private-agent</title> <!-- Bootstrap --> <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u" crossorigin="anonymous"> <!-- HTML5 shim and Respond.js for IE8 support of HTML5 elements and media queries --> <!--[if lt IE 9]> <script src="https://oss.maxcdn.com/html5shiv/3.7.3/html5shiv.min.js"></script> <script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script> <![endif]--> </head> <body style="background-color:#222831;"> <div style="text-align:center;"><img style="height:350px;" src="https://media.giphy.com/media/3HqPTBUMM2eXe/giphy.gif" alt="look for private agent"></div><br><br> <h1 style="color:#3eff00; margin-left:16%">Hello Ag3nt<br></h1><h2 style="color:#50d890;text-align:center;">Look for flag somewhere </h2> <!-- jQuery (necessary for Bootstrap's JavaScript plugins) --> <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js"></script> <!-- Include all compiled plugins (below), or include individual files as needed --> <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js" integrity="sha384-Tc5IQib027qvyjSMfHjOMaLkfuWVxZxUPnCJA7l2mCWNIpG9mGCD8wGNIcPD7Txa" crossorigin="anonymous"></script> <script> </script> </body> </html> ``` From the results we are told to look for the flag in there somewhere soo what come to my head is to inspect the headers. So I added -v to the command ``` ┌──(c0d3x㉿pawn)-[~] └─$ curl http://wcamxwl32pue3e6meg23gk9h8z4km2360kxlcg30-web.cybertalentslabs.com/ -A "givittome" -v * Trying 52.53.57.75:80... * Connected to wcamxwl32pue3e6meg23gk9h8z4km2360kxlcg30-web.cybertalentslabs.com (52.53.57.75) port 80 (#0) > GET / HTTP/1.1 > Host: wcamxwl32pue3e6meg23gk9h8z4km2360kxlcg30-web.cybertalentslabs.com > User-Agent: givittome > Accept: */* > * Mark bundle as not supporting multiuse < HTTP/1.1 200 OK < Server: nginx/1.21.0 < Date: Sat, 27 Nov 2021 10:56:11 GMT < Content-Type: text/html; charset=UTF-8 < Content-Length: 1808 < Connection: keep-alive < X-Powered-By: PHP/7.2.34 < Xflag: W3lcome_Ag3nt8 < Vary: Accept-Encoding < <!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1"> <title>private-agent</title> <!-- Bootstrap --> <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u" crossorigin="anonymous"> <!-- HTML5 shim and Respond.js for IE8 support of HTML5 elements and media queries --> <!--[if lt IE 9]> <script src="https://oss.maxcdn.com/html5shiv/3.7.3/html5shiv.min.js"></script> <script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script> <![endif]--> </head> <body style="background-color:#222831;"> <div style="text-align:center;"><img style="height:350px;" src="https://media.giphy.com/media/3HqPTBUMM2eXe/giphy.gif" alt="look for private agent"></div><br><br> <h1 style="color:#3eff00; margin-left:16%">Hello Ag3nt<br></h1><h2 style="color:#50d890;text-align:center;">Look for flag somewhere </h2> <!-- jQuery (necessary for Bootstrap's JavaScript plugins) --> <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js"></script> <!-- Include all compiled plugins (below), or include individual files as needed --> <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js" integrity="sha384-Tc5IQib027qvyjSMfHjOMaLkfuWVxZxUPnCJA7l2mCWNIpG9mGCD8wGNIcPD7Txa" crossorigin="anonymous"></script> <script> </script> </body> </html> ``` You noticed the Xflag header ;).