Open in app

Sign in

Write

Sign in

TryHackMe: Web Fundamentals Walkthrough

Sakshi Aggarwal
3 min readOct 11, 2020

--

Learn how the web works!

TryHackMe | Web Fundamentals

TryHackMe is an online platform for learning and teaching cyber security, all through your browser.

tryhackme.com

Task[1]: Intro

Task[2]: How do we load websites?

Read and understand the information and get the answers to the questions.

Task[3]: More HTTP — Verbs and request formats

Read and understand the information to get the answers to question 1–3.

I got the answer to the questions 4 and 5 by visiting the link which was provided in the information part: https://developer.mozilla.org/en-US/docs/Web/HTTP/Status

Task[4]: Cookies, tasty!

Read and understand the information.

Task[5]: Mini CTF

Read and understand the information.

Task:

There’s a web server running on http://MACHINE_IP:8081. Connect to it and get the flags!

  • GET request. Make a GET request to the web server with path /ctf/get
  • POST request. Make a POST request with the body “flag_please” to /ctf/post
  • Get a cookie. Make a GET request to /ctf/getcookie and check the cookie the server gives you
  • Set a cookie. Set a cookie with name “flagpls” and value “flagpls” in your devtools and make a GET request to /ctf/sendcookie

We can do the assigned task both by using our browser or using curl command in terminal.

Task 5–1: What’s the GET flag?

Answer:

To make a get request the command used is:

curl http://10.10.19.91:8081/ctf/get

Another way to do this task is that we can directly visit http://10.10.19.91:8081/ctf/get in our browser. By default the browser makes a GET request.

Task 5–2: What’s the POST flag?

Answer:

To make a POST request the command used is:

curl -X POST — data flag_please http://10.10.19.91:8081/ctf/post

  • -X flag is used to specify the request type. curl make a GET request by default.
  • — data flag is used to send a data along with the request

Task 5–3: What’s the “Get a cookie” flag?

Answer:

Again there are two ways to do this task. One is using browser and the other is using terminal.

Using browser:

Make a request to: http://10.10.19.91:8081/ctf/getcookie

To check the cookies(For firefox browser): Right click on the page>>Inspect Element>> Storage>> Cookies>> Get the flag

Using terminal:

Use the command: curl -c - ‘10.10.19.91:8081/ctf/getcookie’

Task 5–4: What’s the “Set a cookie” flag?

Answer:

curl — cookie ‘name=value’ URL

curl — cookie ‘flagpls=flagpls’ http://10.10.19.91:8081/ctf/sendcookie

— cookie is used to set a cookie.

Thanks for reading!!!

Web Security
Tryhackme Walkthrough
Cybersecurity
Web
Linux

--

--

Sakshi Aggarwal

Written by Sakshi Aggarwal

80 Followers

Digital forensics enthusiast | Cyber security | Bug hunter | Java | Python | Analyzer

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams