Tags: web 

Rating: 0

# Agent Keith

Keith was looking at some old browsers and made a site to hold his flag.


When we visit the site, we're immediately told our user-agent along with an access denied message.


Looks like a user-agent spoofing challenge. Let's go ahead and look at the source code for hints as to what our user-agent should be.


<html lang="en">
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1, viewport-fit=cover">
<link rel="stylesheet" href="http://localhost:8002/static/style.css">
<h2>If you're not Keith, you won't get the flag!</h2>

Your agent is: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.131 Safari/537.36

Flag: Access Denied


Looks like the user-agent that we need is

NCSA_Mosaic/2.0 (Windows 3.1)

Let's go ahead and make a request to the web page using Python in order to spoof our user-agent.

$ python
Python 3.7.3 (default, Mar 26 2019, 21:43:19)
[GCC 8.2.1 20181127] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import requests
>>> requests.get("https://agent-keith.web.chal.hsctf.com/", headers={"User-Agent": "NCSA_Mosaic/2.0 (Windows 3.1)"}).content
b'\n<html lang="en">\n <head>\n <meta charset="utf-8">\n <meta name="viewport" content="width=device-width, initial-scale=1, viewport-fit=cover">\n <title>agent-keith</title>\n <link rel="stylesheet" href="http://localhost:8002/static/style.css">\n </head>\n <body>\n <main>\n <h2>If you\'re not Keith, you won\'t get the flag!</h2>\n

Your agent is: NCSA_Mosaic/2.0 (Windows 3.1)


Flag: hsctf{wow_you_are_agent_keith_now}

\n \n </main>\n </body>\n</html>'

The flag is in the body.