web

Method in the Madness Writeup

Nahamcon 2025

Solved by thewhiteh4t

Six checkboxes are displayed, when we click on /interesting one checkbox is ticked. Goal was to tick all checkbox and hope for it to reveal the flag.

Hint is in the name of the challenge : Method → HTTP Methods

So we just have to try different methods on /interesting

curl http://challenge.nahamcon.com:31661/interesting
curl -X POST http://challenge.nahamcon.com:31661/interesting
curl -X PUT http://challenge.nahamcon.com:31661/interesting
curl -X PATCH http://challenge.nahamcon.com:31661/interesting
curl -X DELETE http://challenge.nahamcon.com:31661/interesting
curl -X OPTIONS http://challenge.nahamcon.com:31661/interesting

After running all curl command, flag appears!

Key Learning and Takeaways

  • Beyond Just GET and POST : We all know GET and POST methods, but there are more HTTP methods such as :
    • PUT (for creating or updating resources)
    • PATCH (for partial updates)
    • DELETE (for removing resources)
    • OPTIONS (for asking the server what methods it supports)
  • This challenge was a perfect example of how foundational web knowledge combined with simple tools can show new things while testing.
Published on : 31 May 2025