Method in the Madness Writeup

Solved by thewhiteh4t

Six checkboxes are displayed, when we click on /interesting one checkbox is ticked. Goal was to tick all checkbox and hope for it to reveal the flag.

Hint is in the name of the challenge : Method → HTTP Methods

So we just have to try different methods on /interesting

curl http://challenge.nahamcon.com:31661/interesting
curl -X POST http://challenge.nahamcon.com:31661/interesting
curl -X PUT http://challenge.nahamcon.com:31661/interesting
curl -X PATCH http://challenge.nahamcon.com:31661/interesting
curl -X DELETE http://challenge.nahamcon.com:31661/interesting
curl -X OPTIONS http://challenge.nahamcon.com:31661/interesting

After running all curl command, flag appears!

Key Learning and Takeaways

• Beyond Just GET and POST : We all know GET and POST methods, but there are more HTTP methods such as :
  • PUT (for creating or updating resources)
  • PATCH (for partial updates)
  • DELETE (for removing resources)
  • OPTIONS (for asking the server what methods it supports)
• This challenge was a perfect example of how foundational web knowledge combined with simple tools can show new things while testing.