Method in the Madness Writeup
Nahamcon 2025
Solved by thewhiteh4t
Six checkboxes are displayed, when we click on /interesting
one checkbox is ticked. Goal was to tick all checkbox and hope for it to reveal the flag.
Hint is in the name of the challenge : Method → HTTP Methods
So we just have to try different methods on /interesting
curl http://challenge.nahamcon.com:31661/interesting
curl -X POST http://challenge.nahamcon.com:31661/interesting
curl -X PUT http://challenge.nahamcon.com:31661/interesting
curl -X PATCH http://challenge.nahamcon.com:31661/interesting
curl -X DELETE http://challenge.nahamcon.com:31661/interesting
curl -X OPTIONS http://challenge.nahamcon.com:31661/interesting
After running all curl command, flag appears!
Key Learning and Takeaways
- Beyond Just GET and POST : We all know GET and POST methods, but there are more HTTP methods such as :
- PUT (for creating or updating resources)
- PATCH (for partial updates)
- DELETE (for removing resources)
- OPTIONS (for asking the server what methods it supports)
- This challenge was a perfect example of how foundational web knowledge combined with simple tools can show new things while testing.