Secret header
Description
100pts
Based on information from the national Cyber Security Incident Response Team, one service is infected with malware and is communicating with a malicious C&C server.
Connecting to the C&C server from other systems is impossible, since the secret HTTP header value is unknown.
Question
Access the compromised server URL and find out the secret HTTP header message.
Solution
When you browse the URL with curl you will notice that it redirects to page.php. If you curl that address you are told that you have to use the Firefox browser on Linux and that you cannot use GET, PUT, OPTIONS, DELETE, HEAD or PATCH requests. As you can see, you can still use the POST method.
So by crafting a curl command that sets the User-Agent to Firefox on Linux you get the flag in encoded form.
curl -vvv http://shared.target05:1235/page.php -X POST -H "User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0"
Then you get the flag, but you still have to run it through ROT13 as the hint shows. CyberChef is a good tool for that.
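The two steps above (a POST with a Firefox-on-Linux User-Agent, then ROT13 on the response body) combined into one POSIX shell script. This is an added example, not part of the original write-up: the URL is the one from the challenge, the User-Agent is the standard Firefox 91 Linux string, and the sample input is the ROT13 text taken from the CyberChef link below. The fetch function is only called when a URL is passed on the command line, so the script runs offline by default.

```shell
#!/bin/sh
# Added example reproducing the write-up's solution end to end.

# ROT13 is its own inverse: shifting letters by 13 twice yields the original text.
# Digits and punctuation pass through unchanged, which is why the UUID dashes survive.
rot13() {
    printf '%s' "$1" | tr 'A-Za-z' 'N-ZA-Mn-za-m'
}

# Same request the write-up sends with curl: POST is the only method page.php
# accepts, and the User-Agent must look like Firefox on Linux.
fetch_encoded_flag() {
    url="$1"
    curl -s -X POST \
        -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0' \
        "$url"
}

# Usage: sh solve.sh http://shared.target05:1235/page.php
# With no argument the script only decodes the sample string, so it runs offline.
if [ "$#" -gt 0 ]; then
    encoded=$(fetch_encoded_flag "$1")
    printf 'raw response:  %s\n' "$encoded"
    printf 'ROT13 decoded: %s\n' "$(rot13 "$encoded")"
else
    # The ROT13 text that the CyberChef link in the Tools section carries as its input.
    sample='943p46rr-3336-48ns-oo74-459o0s303907'
    printf '%s -> %s\n' "$sample" "$(rot13 "$sample")"
fi
```

The User-Agent check and the method restriction are the only "protection" here; both are client-controlled request fields, which is why a single curl invocation is enough to pass them and why such checks should never be relied on as an access control.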
Tools
- Curl
- Firefox
- Cyberchef https://gchq.github.io/CyberChef/#recipe=ROT13(true,true,false,13)&input=OTQzcDQ2cnItMzMzNi00OG5zLW9vNzQtNDU5bzBzMzAzOTA3
Flag
943c46ee-3336-48af-bb74-459b0f303907