

RFC 7230
(web, 50 points)

"Get just basic information from this server (ctf.ekoparty.org)"


RFC 7230 is an immediate hint, as it refers to the HTTP protocol, so this challenge definitely has something to do with HTTP headers. There are quite a few HTTP methods, though, such as the common "GET", "POST", and "HEAD". My immediate thought was the HEAD method; however, this led nowhere. There is, however, one that I hadn't considered for a while that was a bit obscure, which was the "OPTIONS" method. Sending an OPTIONS request to the server via curl, we can see our flag in the Server header of the response.

curl -i -X OPTIONS http://ctf.ekoparty.org/

HTTP/1.1 301 Moved Permanently
Server: EKO{this_is_my_great_server}
Date: Fri, 28 Oct 2016 03:44:02 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: https://ctf.ekoparty.org/

Flag: EKO{this_is_my_great_server}
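
To check which response headers change with the request method, saved `curl -i -X <METHOD>` output can be parsed and compared. This is an added example, not part of the original writeup; the GET and HEAD captures and the names `parse_head` and `differing_fields` are constructed for illustration, and only the OPTIONS header values come from the response above.

```python
# Added example, not part of the original writeup.
TEMPLATE = (
    "HTTP/1.1 301 Moved Permanently\r\n"
    "Server: {server}\r\n"
    "Date: {date}\r\n"
    "Content-Type: text/html\r\n"
    "Content-Length: 178\r\n"
    "Connection: keep-alive\r\n"
    "Location: https://ctf.ekoparty.org/\r\n\r\n"
)
CAPTURES = {
    # OPTIONS: header values as shown in the writeup.
    "OPTIONS": TEMPLATE.format(server="EKO{this_is_my_great_server}",
                               date="Fri, 28 Oct 2016 03:44:02 GMT"),
    # GET and HEAD: constructed for illustration; the writeup does not show them.
    "GET": TEMPLATE.format(server="placeholder-server",
                           date="Fri, 28 Oct 2016 03:43:40 GMT"),
    "HEAD": TEMPLATE.format(server="placeholder-server",
                            date="Fri, 28 Oct 2016 03:43:51 GMT"),
}

def parse_head(raw):
    """Return (status code, {lower-cased field name: [values]}) for one response."""
    lines = raw.strip().replace("\r\n", "\n").split("\n")
    status = int(lines[0].split(" ", 2)[1])  # HTTP-version SP status-code SP reason
    fields = {}
    for line in lines[1:]:
        if not line:  # empty line ends the header section
            break
        name, sep, value = line.partition(":")
        # RFC 7230 3.2.4: no whitespace is allowed between field name and colon.
        if not sep or not name or name != name.strip():
            raise ValueError(f"malformed header field: {line!r}")
        fields.setdefault(name.lower(), []).append(value.strip(" \t"))
    return status, fields

def differing_fields(captures, ignore=("date",)):
    """Map each field whose value varies by method to {method: values}."""
    parsed = {m: parse_head(raw)[1] for m, raw in captures.items()}
    names = {n for f in parsed.values() for n in f} - set(ignore)
    return {n: {m: f.get(n) for m, f in parsed.items()}
            for n in sorted(names)
            if len({tuple(f.get(n, ())) for f in parsed.values()}) > 1}

if __name__ == "__main__":
    for name, per_method in differing_fields(CAPTURES).items():
        print(name, per_method)
```

Field names are lower-cased before comparison because HTTP header names are case-insensitive, and Date is ignored because it changes on every request.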

Original writeup (http://specterdev.blogspot.ca/2016/10/write-up-ekoparty-2016-ctf-web-25-50.html).