POST

A Walk-Through Solving Hack The Box Academy's Web Requests Module on POST

9/25/2025

Objective: Obtain a session cookie through a valid login, and then use the cookie with cURL to search for the flag through a JSON POST request to '/search.php'

Target(s): 83.136.250.223:36383

Note: I'm using Pwnbox, so you don’t need to set up a local VM for this.

First, navigate to your target IP in your browser: http://<target ip>/

You'll see that you need valid credentials, which here are admin:admin.

To open the browser DevTools in either Chrome or Firefox, we can press [CTRL+SHIFT+I] or simply [F12].

Next, navigate to the Network tab in your browser's Developer Tools and click on the POST request made to your target IP. Under the Headers>Request Headers section, you should be able to find the session cookie.

Session Cookie: PHPSESSID=nanheb4hqtenukns9isern11mj

To use cURL to search for the flag through a JSON POST request, we enter the following command:

curl -X POST -d '{"search":"flag"}' -b 'PHPSESSID=nanheb4hqtenukns9isern11mj' -H 'Content-Type: application/json' 'http://<target ip>/search.php?search=flag'

-X POST flag: to send a POST request.

-d flag: to add our POST data (the JSON body) after -X POST.

-b flag: to set the session cookie.

-H flag: to specify a request header, here Content-Type: application/json.

Flag captured: HTB{p0$t_r3p34t3r}
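
The same flow can be run offline against a local mock, as an added example that is not part of the original walkthrough or the HTB lab: the constructed server issues a PHPSESSID on login and checks it on /search.php, which shows that the cookie alone authorizes the JSON POST, with or without a browser. The login path `/`, the form field names `username` and `password`, the session value and the search rows are assumptions made for the demo.

```python
import json, threading, urllib.error, urllib.parse, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

SESSIONS = set()                      # session IDs the mock server has issued
SID = "constructed-session-id"        # constructed value, not a real PHPSESSID

class MockLab(BaseHTTPRequestHandler):
    def do_POST(self):
        body = self.rfile.read(int(self.headers.get("Content-Length", 0)))
        if self.path == "/":          # assumed login endpoint and field names
            form = urllib.parse.parse_qs(body.decode())
            if form.get("username") == ["admin"] and form.get("password") == ["admin"]:
                SESSIONS.add(SID)
                return self.reply(200, b"ok", cookie=f"PHPSESSID={SID}")
            return self.reply(401, b"bad login")
        # /search.php: the server authorizes on the session cookie alone
        sid = self.headers.get("Cookie", "").partition("PHPSESSID=")[2].split(";")[0]
        if sid not in SESSIONS:
            return self.reply(403, b"no valid session")
        term = json.loads(body).get("search", "")
        hits = [row for row in ["flag: constructed", "london"] if term in row]
        self.reply(200, json.dumps(hits).encode())
    def reply(self, code, data, cookie=None):
        self.send_response(code)
        if cookie:
            self.send_header("Set-Cookie", cookie)
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)
    def log_message(self, *args): pass   # keep the demo quiet

def search(login=True):
    SESSIONS.clear()                  # each call starts with no sessions
    srv = HTTPServer(("127.0.0.1", 0), MockLab)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    base = f"http://127.0.0.1:{srv.server_port}"
    headers = {"Content-Type": "application/json"}        # curl -H
    try:
        if login:                     # same role as reading the cookie in DevTools
            creds = urllib.parse.urlencode({"username": "admin", "password": "admin"})
            with urllib.request.urlopen(base + "/", data=creds.encode()) as r:
                headers["Cookie"] = r.headers["Set-Cookie"].split(";")[0]  # curl -b
        req = urllib.request.Request(base + "/search.php", b'{"search":"flag"}', headers)
        with urllib.request.urlopen(req) as r:
            return r.status, json.loads(r.read())
    except urllib.error.HTTPError as err:
        return err.code, None
    finally:
        srv.shutdown()
```

Calling `search(login=False)` sends the identical JSON body without a cookie and gets a 403 from the mock, so the session check is the only thing separating the two outcomes.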