Private Agent

Private Agent Challenge From CyberTalents | Web - Easy

Hello Hackers !!

in this post I'll share my walkthrough for Private Agent Challenge from CyberTalents.

Challenge Description

Only private agents can make their way to the gate.

Look Farther

You should always think about any challenge or a lab name. Sometime it`s a lead or a hint for solution.

So it is obvious that the challenge related somehow by User Agent

What is User Agent?

The User-Agent request header is a characteristic string that lets servers and network peers identify the application, operating system, vendor, and/or version of the requesting user agent.

You can know more about User Agent from Mozilla Developers

Solution Walkthrough

Once we get into challenge link we got this page contain a message that tell us that “Private agent only can get in” and memory eraser from men in black movie 😎

Keep It Simple

I used to go through very basic recon steps when playing CyberTalents Challenges.

Also this Challenge rating is easy, so you must start from the most basics things.

• Open source code and notice anything interesting

You will notice that there is nothing in this section of the page.

But wait, just scroll a bit for bottom of the page.

You will find this comment <!-- TO_Be_Removed => Privet-Agent access => givittome-->

So without any other thinking inject this value givittome in user-agent header in burpsuit

Notice the flag is been appeared in response headers

FLAG: W3lcome_Ag3nt8