
picoCTF - get aHEAD


Description

Find the flag being held on this server to get ahead of the competition http://mercury.picoctf.net:47967/




Hint 1 - Maybe you have more than 2 choices.

Hint 2 - Check out tools like Burp Suite to modify your requests and look at the responses.

The title itself points to the HEAD method, so let's see.

Step 1: Open the website and explore the site, check its page source, and inspect it.

Step 2: As said in the hint, I intercepted a request using Burp while changing the color to red and then sent it to Repeater.


Step 3: I intercepted the request again while changing the color to blue and sent it to Repeater.


Step 4: Now inspect both requests. After inspection, I found that the GET method is used for the red background and the POST method for the blue background. When the POST is modified to GET, the response gives the red background only.

Step 5: According to the challenge, we will change the POST method to the HEAD method, and voila! We have our flag.


Flag : picoCTF{r3j3ct_th3_du4l1ty_cca66bd3}
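
The steps above show HEAD producing a different result than GET and POST on the same route. As an added example (not part of the original writeup or the challenge's code), the Python code below checks an application for that inconsistency from the defender's side: it probes one route with GET, POST and HEAD and reports header names that only the HEAD response carries. The local `DemoHandler` server, the `X-Internal-Note` header and its placeholder value are constructed for illustration.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

class DemoHandler(BaseHTTPRequestHandler):
    """Constructed stand-in app: HEAD has its own code path with an extra header."""
    def _send(self, body, extra=()):
        self.send_response(200)
        self.send_header("Content-Type", "text/html")
        self.send_header("Content-Length", str(len(body)))
        for name, value in extra:
            self.send_header(name, value)
        self.end_headers()
        if self.command != "HEAD":
            self.wfile.write(body)
    def do_GET(self):
        self._send(b"<body style='background:red'>Red</body>")
    def do_POST(self):
        self._send(b"<body style='background:blue'>Blue</body>")
    def do_HEAD(self):  # constructed header name and placeholder value
        self._send(b"", [("X-Internal-Note", "PLACEHOLDER_SECRET")])
    def log_message(self, *args): pass  # keep the demo quiet

def probe(host, port, path="/", methods=("GET", "POST", "HEAD")):
    """Return {method: (status, {lowercased header name: value})}."""
    results = {}
    for method in methods:
        conn = http.client.HTTPConnection(host, port, timeout=5)
        conn.request(method, path)
        resp = conn.getresponse()
        resp.read()  # drain the body (empty for HEAD)
        results[method] = (resp.status, {k.lower(): v for k, v in resp.getheaders()})
        conn.close()
    return results

def head_only_headers(results):
    """Header names HEAD returns that GET does not; a consistent app returns none."""
    return sorted(set(results["HEAD"][1]) - set(results["GET"][1]))

def run_demo():
    with HTTPServer(("127.0.0.1", 0), DemoHandler) as server:
        threading.Thread(target=server.serve_forever, daemon=True).start()
        try:
            return head_only_headers(probe("127.0.0.1", server.server_address[1]))
        finally:
            server.shutdown()

if __name__ == "__main__":
    print(run_demo())
```

Running the same comparison against your own routes in a test environment catches handlers where HEAD was implemented separately from GET instead of reusing it.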
