![[pwn.college] Talking Web — 1](https://media2.dev.to/dynamic/image/width=1000,height=500,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fb31p5vayhhn0edpb13ig.png)
[pwn.college] Talking Web — 1
To access the challenge enter cd /challenges to navigate to the folder that contains all the files required to solve the challenge or type /challenge/run to directly run the challenge binary
Level 1
The first challenge deals with understanding curl which is a command-line tool for transferring data across networks.
When we run the file named run using ./run, we get the requirements of this challenge. It states that, we need to make a request to 127.0.0.1 (localhost) on port 80. To do that run the command: curl 127.0.0.1:80 , to get the flag.
Level 2
This challenge deals with understanding nc which is used to read from and write to network connections.
When we run the file named run using ./run, we get the requirements of this challenge. We basically need to connect to localhost in port 80 using nc. To do that run the command: nc localhost 80 and on the next line type GET / to get the flag. What you essentially doing here is, first establish a connection and then make a GET request to fetch the flag.
Level 3
In this challenge we need to make use of python to connect and get the flag.
Since, we need to make use of python, let us write small script to connect to the server. Navigate out of the challenge folder and into the home folder ( cd ~ ) since we have write permissions only there and create a python file using the command _nano req.py _. In req.py file write the following command:
import requests
data=requests.get('http://localhost:80')
print(data.text)
What we are doing here is that, we are making use of the requests library in python in order to connect to the server and get the flag. Save the file and run the python file using python3 req.py to get the flag.
Level 4
The next task is about setting the value of the host header in an HTTP request using curl.
Ok so we can see that the value of the header must be set to 63fee336d114015d8e3a9f913b2aadd5 from the description. This is a fairly straight forward thing to do with the help of the curl command. So, just run the following command: curl localhost -H “Host: ”.
Level 5
This challenge is similar to the previous once except we need to set the host header using nc.
So just like the challenge in level 2, connect to netcat using nc localhost 80 and then type GET / in the next line and then type Host: in the line after that. Voila you get the flag.
Level 6
We need to set the header using python now!
For this challenge we can modify the req.py file that we created in Level 3 to include headers while making the request. Modify the code in the file with the code given below:
import requests
url = 'http://localhost:80'
headers = {'Host':'<value_provided>'}
data = requests.get(url, headers=headers)
print(data.text)
Level 7
So, thing become a bit interesting here. We need to set the path to access the resource using curl.
Again using curl to achieve this makes it fairly straight forward. All you need to do is to type: curl http://localhost:80/ and that will give you the flag.
Level 8
Let’s try doing the same thing using nc now!
So, as a recap go back to the second challenge where you typed nc localhost 80 and then in the next line you gave GET / which meant get the resource from / path but since you want to access a different path now, type GET / instead and enter twice.
Level 9
As you might have guessed already let us do the same thing using python now.
For this, you just need to modify the code a bit from Level 3 and append the path to the end of the URL like given in the script below.
import requests
data=requests.get('http://localhost/<value_provided>')
print(data.text)
Level 10
Moving on to the next step, we have to encode the path now while making a request using curl.
As you might have already noticed, the path given in the challenge contains spaces and the URL cannot contain any spaces. In order to solve this issue we need to have an encoded symbol in the path in order to make a valid request. So, we’ll just use the percent encoding where 20 is ascii value of space in ascii and hence the encoded value is %20. The solution for the above challenge can be achieved by typing the following: curl http://localhost:80/c9224744%209799c1c2/448c7837%201469bf7d.
Level 11
This level is also about encoding a url path while connecting through netcat.
As usual type nc localhost 80 and then on the next line, like the previous challenge, type GET /b3bce678%20397ae6ef/65fb8bf0%20b2cf422d .
Level 12
Let’s try to do the same using python now.
Let us go back to the script from Level 9 and modify it like what we did for the last two challenges.
import requests
data=requests.get('http://localhost/ce074781%20dc0bb18f/95ca3a34%20aa4e8819')
print(data.text)
The link to part — 2 of this series will be updated soon. Stay tuned for that!