Tags: web 

Rating: 0

# Agent Keith

```
Keith was looking at some old browsers and made a site to hold his flag.

https://agent-keith.web.chal.hsctf.com
```

When we visit the site, we're immediately told our user-agent along with an access denied message.

![](https://raw.githubusercontent.com/shawnduong/ctf-writeups/master/2019-HSCTF6/images/agent-keith-1.png)

Looks like a user-agent spoofing challenge. Let's go ahead and look at the source code for hints as to what our user-agent should be.

```html

<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1, viewport-fit=cover">
<title>agent-keith</title>
<link rel="stylesheet" href="http://localhost:8002/static/style.css">
</head>
<body>
<main>
<h2>If you're not Keith, you won't get the flag!</h2>

Your agent is: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.131 Safari/537.36


Flag: Access Denied



</main>
</body>
</html>
```

Looks like the user-agent that we need is

```
NCSA_Mosaic/2.0 (Windows 3.1)
```

Let's go ahead and make a request to the web page using Python in order to spoof our user-agent.

```
$ python
Python 3.7.3 (default, Mar 26 2019, 21:43:19)
[GCC 8.2.1 20181127] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import requests
>>> requests.get("https://agent-keith.web.chal.hsctf.com/", headers={"User-Agent": "NCSA_Mosaic/2.0 (Windows 3.1)"}).content
b'\n<html lang="en">\n <head>\n <meta charset="utf-8">\n <meta name="viewport" content="width=device-width, initial-scale=1, viewport-fit=cover">\n <title>agent-keith</title>\n <link rel="stylesheet" href="http://localhost:8002/static/style.css">\n </head>\n <body>\n <main>\n <h2>If you\'re not Keith, you won\'t get the flag!</h2>\n

Your agent is: NCSA_Mosaic/2.0 (Windows 3.1)

\n

Flag: hsctf{wow_you_are_agent_keith_now}

\n \n </main>\n </body>\n</html>'
```

The flag is in the body.

```
hsctf{wow_you_are_agent_keith_now}
```