# HTB ACADEMY - Cracking into Hack the Box(Web Requests) 解題筆記 ## Web Requests :::warning 以下中文皆為DeepL翻譯 ::: HTTP == - To get the flag, start the above exercise, then use cURL to download the file returned by '/download.php' in the server shown above. > (要獲取標誌，請啓動上述練習，然後使用 cURL 下載上圖所示服務器中"/download.php "返回的文件。 ) `curl <SERVER_IP>:<PORT>/download.php`  - What is the HTTP method used while intercepting the request? (case-sensitive) > 攔截請求時使用的 HTTP 方法是什麼？(區分大小寫） Ans: get - Send a GET request to the above server, and read the response headers to find the version of Apache running on the server, then submit it as the answer. (answer format: X.Y.ZZ) > 向上述服務器發送 GET 請求，並讀取響應頭以查找服務器上運行的 Apache 版本，然後將其作為答案提交。(答案格式：X.Y.ZZ） `curl <SERVER_IP>:<PORT> -v`  --- Browser DevTools == - The server above loads the flag after the page is loaded. Use the Network tab in the browser devtools to see what requests are made by the page, and find the request to the flag. > 上述服務器會在頁面加載後加載標誌。使用瀏覽器 devtools 中的 "網絡 "選項卡查看頁面發出的請求，並找到對標誌的請求。 DeepL翻譯 Ans: 用瀏覽器連上 target ip 後開啟 開發人員工具, 就會看到 flag  --- HTTP Methods - GET == The exercise above seems to be broken, as it returns incorrect results. Use the browser devtools to see what is the request it is sending when we search, and use cURL to search for 'flag' and obtain the flag. > 上面的練習似乎出了問題，因為它返回的結果不正確。使用瀏覽器 devtools 查看搜索時發送的請求，然後使用 cURL 搜索 "flag "並獲取標誌。 `curl -v http://admin:admin@<SERVER_IP>:<PORT>`  `curl 'http://admin:admin@<SERVER_IP>:<PORT>/search.php?search=flag' -H 'Authorization: <your Authorization>'`  --- HTTP Methods - POST == - Obtain a session cookie through a valid login, and then use the cookie with cURL to search for the flag through a JSON POST request to '/search.php' > 透過有效登入取得會話cookie，然後使用該cookie和cURL透過對'/search.php'的JSON POST請求來搜尋標誌 `curl -X POST -d 'username=admin&password=admin' http://<SERVER_IP>:<PORT>/ -i`  `curl -X POST -d '{"search":"flag"}' -b 'PHPSESSID=< your Set-Cookie >' -H 'Content-Type: application/json' http://<SERVER_IP>:<PORT>/search.php`  --- CRUD API == - First, try to update any city's name to be 'flag'. Then, delete any city. Once done, search for a city named 'flag' to get the flag. > 首先，嘗試將任何城市的名稱更新為 "旗幟"。然後，刪除任何城市。完成後，搜索名為 "flag "的城市，以獲取旗幟。 1. `curl -X PUT http://<SERVER_IP>:<PORT>/api.php/city/Baltimore -d '{"city_name":"flag", "country_name":"flag"}' -H 'Content-Type: application/json'` 2. `curl -X DELETE http://<SERVER_IP>:<PORT>/api.php/city/Memphis` 3. `curl -s http://<SERVER_IP>:<PORT>/api.php/city/flag | jq`  > 如果這篇文章對您有幫助，可以花 30 秒登入 LikeCoin 並點擊下方拍手按鈕（最多五下！）給予免費的支持，讓我們一起創造更多有價值的內容。 <style> .likecoin-button { position: relative; width: 100%; max-width: 485px; max-height: 240px; margin: 0 auto 20px; /* 添加間距以分隔兩個部分 */ } .likecoin-button > div { padding-top: 49.48454%; } .likecoin-button > iframe { position: absolute; top: 0; left: 0; width: 100%; height: 100%; } .flex-container { display: flex; align-items: center; justify-content: center; /* 居中對齊元素 */ margin-bottom: 20px; /* 底部間距 */ } .flex-item { margin-right: 10px; /* 右邊間距 */ } </style> <!-- 將 "Buy me a coffee" 和 GIF 按鈕移到上方 --> <div class="flex-container"> <a href="https://www.buymeacoffee.com/jeffsie180" class="flex-item"> <img src="https://img.buymeacoffee.com/button-api/?text=Buy me a coffee&emoji=☕&slug=jeffsie180&button_colour=FFDD00&font_colour=000000&font_family=Lato&outline_colour=000000&coffee_colour=ffffff" /> </a> <iframe src="https://giphy.com/embed/FoAQVAmLEsOz8DV2HS" width="80" height="80" frameBorder="0" class="giphy-embed" allowFullScreen></iframe> </div> <!-- 將 LikeCoin 按鈕移到下方 --> <div class="likecoin-embed likecoin-button"> <div></div> <iframe scrolling="no" frameborder="0" src="https://button.like.co/in/embed/jeffsie180/button?referrer=hackmd.io"></iframe> </div>