HHC 2024 – cURLing

Act I kicks off with a terminal challenge. ELF NAME is looking for someone to practice some cURL with him. We can jump right into the silver medal challenge here before we get into solving the Gold Medal.

Silver Medal

Much like we saw with the prologue, the silver medal can be solved pretty simply by just following the prompts from the challenge. These questions and their associated solutions can be seen below.

  1. Unlike the defined standards of a curling sheet, embedded devices often have web servers on non-standard ports. Use curl to retrieve the web page on host “curlingfun” port 8080. If you need help, run the ‘hint’ command.
    • curl curlingfun:8080
  2. Embedded devices often use self-signed certificates, where your browser will not trust the certificate presented. Use curl to retrieve the TLS-protected web page at https://curlingfun:9090/
    • curl -k https://curlingfun:9090
  3. Working with APIs and embedded devices often requires making HTTP POST requests. Use curl to send a request to https://curlingfun:9090/ with the parameter “skip” set to the value “alabaster”, declaring Alabaster as the team captain.
    • curl -k https://curlingfun:9090 -d "skip=alabaster"
  4. Working with APIs and embedded devices often requires maintaining session state by passing a cookie. Use curl to send a request to https://curlingfun:9090/ with a cookie called “end” with the value “3”, indicating we’re on the third end of the curling match.
    • curl -k https://curlingfun:9090 --cookie "end=3"
  5. Working with APIs and embedded devices sometimes requires working with raw HTTP headers. Use curl to view the HTTP headers returned by a request to https://curlingfun:9090/
    • curl -k -i https://curlingfun:9090
  6. Working with APIs and embedded devices sometimes requires working with custom HTTP headers. Use curl to send a request to https://curlingfun:9090/ with an HTTP header called “Stone” and the value “Granite”.
    • curl -k https://curlingfun:9090 -H "Stone:Granite"
  7. curl will modify your URL unless you tell it not to. For example, use curl to retrieve the following URL containing special characters: https://curlingfun:9090/../../etc/hacks
    • curl -k --path-as-is "https://curlingfun:9090/../../etc/hacks"

Answering the above questions with the provided responses should result in the silver medal being awarded.

Gold Medal

Once the silver medal has been achieved, talking to the elf again will give us a hint towards the gold medal. Apparently there’s a way to complete the challenge using only 3 commands. I started by looking around on the terminal itself for any hints and a quick ls in the home directory revealed a file called HARD-MODE.txt. Checking this file out gives us the steps we need to complete in order to unlock the gold medal. We need to craft a curl request that does the following:

  1. HTTP POST request to https://curlingfun:9090
  2. Parameter “skip” set to “bow”
  3. Cookie “end” set to 10
  4. Header “Hack” set to “12ft”

This command can be seen below.

curl -k https://curlingfun:9090 -d "skip=bow" --cookie "end=10" -H "Hack:12ft"

Running this prompts us to use curl to access https://curlingfun:9090/../../etc/button. This command can be seen below:

curl -k --path-as-is https://curlingfun:9090/../../etc/button

Lastly, we need to use curl to access the page that https://curlingfun:9090/GoodSportsmanship redirects to. This can be done with:

curl -k -L https://curlingfun:9090/GoodSportsmanship

Running this will unlock the Gold Medal and complete the challenge.

Leave a Reply

Your email address will not be published. Required fields are marked *