POST Practice

We are told to authenticate on a given URL using a POST request.

First of all, let’s make a GET request to check if we can have the credentials, using curl:

$ curl http://165.227.106.113/post.php
<h1%gt;This site takes POST data that you have not submitted!</h1><!-- username: admin | password: 71urlkufpsdnlkadsf -->  

And there we have it. Now we only need to use a POST request with this information. Using -d on curl to enter the request body sets the request method to POST by default, so there is no need to specify -X POST:

$ curl http://165.227.106.113/post.php -d 'username=admin&password=71urlkufpsdnlkadsf'  
<h1>CTFlearn{p0st_d4t4_4ll_d4y}</h1>