Tags: nc http netcat
Rating:
So, we start by netcatting into the server, to look around. After we solve the CAPTCHA, we can send an HTTP GET request to /:
```
GET / HTTP/1.1
Host: flag.local
```
After the HTTP headers, we are given some HTML, which includes an `````` to /login . Re-running netcat, we input
```
GET /login HTTP/1.1
Host: flag.local
```
This page has a form! To submit the form, we can input
```
POST /login HTTP/1.1
Host: flag.local
Content-Type: application/x-www-form-urlencoded
Content-Length: 38
user=realbusinessuser&pass=potoooooooo
```
This will give us a 301 to /, and a Cookie! Sending the Cookie to /, we are given the flag.
(On my off-laptop; don't have netcat. Will update soon)
