POST Practice
1 minute to read
We are told to authenticate on a given URL using a POST request.
First of all, let’s make a GET request to check if we can have the credentials, using curl
:
$ curl http://165.227.106.113/post.php
<h1%gt;This site takes POST data that you have not submitted!</h1><!-- username: admin | password: 71urlkufpsdnlkadsf -->
And there we have it. Now we only need to use a POST request with this information. Using -d
on curl
to enter the request body sets the request method to POST by default, so there is no need to specify -X POST
:
$ curl http://165.227.106.113/post.php -d 'username=admin&password=71urlkufpsdnlkadsf'
<h1>CTFlearn{p0st_d4t4_4ll_d4y}</h1>