Try   HackMD

GET aHEAD

link: https://play.picoctf.org/practice/challenge/132?category=1&page=1

問題

Image Not Showing Possible Reasons
  • The image file may be corrupted
  • The server hosting the image is unavailable
  • The image path is incorrect
  • The image format is not supported
Learn More →

解法

根據題目的標題 GET aHEAD,不難猜到~~(真的嗎?)~~這題要用 GET 方法去看他的 HEAD

看的方法有很多,這題原本想用 telnet 來看,但是後來發現 telnet 固定在 80 port,因此就改為使用 curl 指令來看。

但是用一般的 curl 只能得到 response body 而已,所以查了一下怎麼樣用 curlresponse header

Image Not Showing Possible Reasons
  • The image was uploaded to a note which you don't have access to
  • The note which the image was originally uploaded to has been deleted
Learn More →

來源: https://dotblogs.com.tw/I_know_why_I_am/2020/10/17/184012

Image Not Showing Possible Reasons
  • The image was uploaded to a note which you don't have access to
  • The note which the image was originally uploaded to has been deleted
Learn More → 

curl -I http://mercury.picoctf.net:47967/

然後就會得到 Header

Image Not Showing Possible Reasons
  • The image file may be corrupted
  • The server hosting the image is unavailable
  • The image path is incorrect
  • The image format is not supported
Learn More →

結案!

結語

依然是salid
這題可能用 dev tools 來解比較吃力,最好要用 Burp Suite,但是我想說順便練一下 linux 操作,所以就用 curl 來試試看了!

Last changed by 
CXPhoenix
0
131

Read more

login

picoCTF 2021, Web Exploitation, 40 points

Jul 7, 2023
Cookies

picoCTF 2021, Web Exploitation, 40 points

Jul 7, 2023
Local Authority

picoCTF 2022, Web Exploitation, 100 points

Jun 27, 2023
Python Wrangling

picoCTF 2021, General Skills, 10 points

Jun 27, 2023
Read more from CXPhoenix
Published on HackMD