## Web/Flag Holding (289 solves)
> Hopefully you know how web works...

Initially with the webserver given I visit the page, and this particular portion of text is displayed:

`You are not coming from "http://flagland.internal/”`

I move to cURL to do this challenge, and determine this is probably referring to the `Referer` header.

```
$ curl "http://18.184.219.56:8080/" -H "Referer: http://flagland.internal/"
Unspecified "secret".
```

Interesting, I make a new parameter `secret` and set it with a value of `1`.

```
$ curl "http://18.184.219.56:8080/?secret=1" -H "Referer: http://flagland.internal/"
Incorrect secret.

Original writeup (https://seall.dev/posts/mapnactf2024#webflag-holding-289-solves).