Let's cURL

cURL is an important command line tool used to send requests to a web server.

It can be easily be installed on a Ubuntu system by typing

sudo apt-get install curl

Google can help you, if you are on something else. Grab hold of someone living if google can't.

Basic Usage

Sending a simple get request

curl www.example.com

Writing the output to a file

curl -o filename.html www.example.com

Username and password (HTTP Simple Auth)

curl -u user:password http://example.org/

or

curl http://user:password@example.org/

Send a post request

curl --data name=example http://example.com

Adding a Referer

curl --referer http://www.whereyoucamefrom.com http://www.example.com

Adding a User Agent

curl --user-agent "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)" http://example.com

Specifying methods (GET/POST/PUT/DELETE/PATCH)

curl -X METHOD http://example.com

Specifying headers

curl --header "key: value" http://example.com

The challenge

URL: http://54.67.60.49:4500
The URL for some steps might be URL/id (where id is the id key)

  1. Send a get request to URL. The output will be a json object with data as a unique hash.
  2. Send the hash you get as the output of previous step as a "SESSION" header. The output will be a json object with some key value pairs.
  3. Change the value of user_id in the hash to "0". (HINT: PUT)
  4. Delete the object of that id after user_id is changed to zero. (HINT: DELETE)
  5. Send an empty post request to URL.
  6. Profit!

After Challenge Update

Since this blog post was initially written for a Byld Scripting Challenge, here is the link to the repo with the challenge server code. You can easily host it and try out the challenge if you like (or play around with cURL). There are two FLAGs to be retrieved in this challenge - one by completing the steps above, and another by looking at the code and finding the right things :)

https://github.com/rush-skills/curl1

References