# Private Agent

Hello Hackers !!

in this post I'll share my walkthrough for [Private Agent Challenge](https://cybertalents.com/challenges/web/private-agent) from CyberTalents.

<mark style="color:yellow;">**Challenge Description**</mark>

Only private agents can make their way to the gate.

### <mark style="color:yellow;">**Look Farther**</mark>

You should always think about any challenge or a lab name. Sometime it\`s a lead or a hint for solution.

So it is obvious that the challenge related somehow by User Agent

### <mark style="color:yellow;">**What is User Agent?**</mark>

The **User-Agent** request header is a characteristic string that lets servers and network peers identify the application, operating system, vendor, and/or version of the requesting user agent.

You can know more about User Agent from [Mozilla Developers](https://developer.mozilla.org/en-US/docs/Glossary/User_agent)

### <mark style="color:yellow;">**Solution Walkthrough**</mark>

Once we get into challenge link we got this page contain a message that tell us that “Private agent only can get in” and memory eraser from men in black movie 😎

![](https://2341258708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FNXCJWNoU0PexwJ6yBpmG%2Fuploads%2FBYCxDUnszkN15xFA5e1W%2F0?alt=media)

### <mark style="color:yellow;">**Keep It Simple**</mark>

I used to go through very basic recon steps when playing CyberTalents Challenges.

Also this Challenge rating is easy, so you must start from the most basics things.

* Open source code and notice anything interesting

You will notice that there is nothing in this section of the page.

![](https://2341258708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FNXCJWNoU0PexwJ6yBpmG%2Fuploads%2FbfMEVhsPM6LRyJ2Ehbxt%2F1?alt=media)

But wait, just scroll a bit for bottom of the page.

You will find this comment `<!-- TO_Be_Removed => Privet-Agent access => givittome-->`

![](https://2341258708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FNXCJWNoU0PexwJ6yBpmG%2Fuploads%2FfdWzWigTBumuuufV4M6D%2F2?alt=media)

So without any other thinking inject this value `givittome` in user-agent header in burpsuit

![](https://2341258708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FNXCJWNoU0PexwJ6yBpmG%2Fuploads%2FW97SETbWS2JUiMnebGKp%2F3?alt=media)

Notice the flag is been appeared in response headers

<mark style="color:red;">**FLAG: W3lcome\_Ag3nt8**</mark>

![](https://2341258708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FNXCJWNoU0PexwJ6yBpmG%2Fuploads%2FS1XFHxasebm6DKJXCnrw%2F4?alt=media)