🌐 GET AHEAD
A detailed write-up of the Web challenge 'GET AHEAD' from PicoCTF - 2021
📊 Challenge Overview
Category Details Additional Info 🏆 Event PicoGym Event Link 🔰 Category Web 🌐 💎 Points Out of 500 total ⭐ Difficulty 🟢 Easy Personal Rating: 0/10 👤 Author madStacks Profile 🎮 Solves 96.582 solve rate 📅 Date 30-01-2025 PicoGym 🦾 Solved By mH4ck3r0n3 Team:
📝 Challenge Information
Find the flag being held on this server to get ahead of the competition http://mercury.picoctf.net:21939/
🎯 Challenge Files & Infrastructure
Provided Files
1Files: None
🔍 Initial Analysis
First Steps
Initially, the website appears as follows:
Site Presentation there was nothing interesting except for two buttons that changed the background color. So, given the name of the challenge, I tried making a HEAD request. Let’s move on to the exploit.
🎯 Solution Path
Exploitation Steps
Exploitation
The exploitation phase only involved making a HEAD request, since as soon as the page was visited, a POST request was made. So, I decided to perform it using curl:
1curl -I "http://mercury.picoctf.net:21939/index.php"Once I made the request for the header, the flag was contained within it.
Flag capture
Manual Flag
🛠️ Exploitation Process
Approach
The exploit simply makes a HEAD request and retrieves the flag from the response header.
🚩 Flag Capture
Flag
Proof of Execution
Screenshot of successful exploitation Automated Flag
🔧 Tools Used
Tool Purpose Python Exploit Curl Web Testing
💡 Key Learnings
Skills Improved
- Binary Exploitation
- Reverse Engineering
- Web Exploitation
- Cryptography
- Forensics
- OSINT
- Miscellaneous
📊 Final Statistics
| Metric | Value | Notes |
|---|---|---|
| Time to Solve | 00:00 | From start to flag |
| Global Ranking | Challenge ranking | |
| Points Earned | Team contribution |
Created: 30-01-2025 • Last Modified: 30-01-2025 *Author: mH4ck3r0n3 • Team: *