GET

Objective: The exercise above seems to be broken, as it returns incorrect results. Use the browser devtools to see what is the request it is sending when we search, and use cURL to search for 'flag' and obtain the flag.

Target(s): 94.237.55.43:49275

Note: I'm using Pwnbox, so you don’t need to set up a local VM for this.

First, navigate to your target ip on your browser : http://<target ip>/

You'll see you will need a valid credentials, which is here admin:admin.

To search for 'flag' using cURL, we will use the following command: -u admin:admin 'http://<SERVER_IP>:<PORT>/search.php?search=flag'

where, -u flag is used to provide credentials (username:password).

Flag captured: HTB{curl_g3773r}