search

Private Agent

Private Agent Challenge From CyberTalents | Web - Easy

Hello Hackers !!

in this post I'll share my walkthrough for Private Agent Challengearrow-up-right from CyberTalents.

Challenge Description

Only private agents can make their way to the gate.

hashtag
Look Farther

You should always think about any challenge or a lab name. Sometime it`s a lead or a hint for solution.

So it is obvious that the challenge related somehow by User Agent

hashtag
What is User Agent?

The User-Agent request header is a characteristic string that lets servers and network peers identify the application, operating system, vendor, and/or version of the requesting user agent.

You can know more about User Agent from Mozilla Developersarrow-up-right

hashtag
Solution Walkthrough

Once we get into challenge link we got this page contain a message that tell us that “Private agent only can get in” and memory eraser from men in black movie 😎

hashtag
Keep It Simple

I used to go through very basic recon steps when playing CyberTalents Challenges.

Also this Challenge rating is easy, so you must start from the most basics things.

  • Open source code and notice anything interesting

You will notice that there is nothing in this section of the page.

But wait, just scroll a bit for bottom of the page.

You will find this comment <!-- TO_Be_Removed => Privet-Agent access => givittome-->

So without any other thinking inject this value givittome in user-agent header in burpsuit

Notice the flag is been appeared in response headers

FLAG: W3lcome_Ag3nt8

PreviousBeyond the Desktop: Exploiting a Leaked Token for APINextIntro to Cybersecurity Bootcamp CTF Assessment

Last updated