
HTTP in detail

Task 1 What is HTTP(S)?

On the mock site, clicking the 'not safe' icon reveals the answer to the third question.
 
 
What does HTTP stand for?

"HyperText Transfer Protocol"

 
What does the S in HTTPS stand for?

"secure"

 
On the mock webpage on the right there is an issue, once you've found it, click on it. What is the challenge flag?

"THM{INVALID_HTTP_CERT}"

 

Task 2 Requests And Responses

 
What HTTP protocol is being used in the above example?

"HTTP/1.1"

 
What response header tells the browser how much data to expect?

"content-length"

 

Task 3 HTTP Methods

 
What method would be used to create a new user account?

"post"

 
What method would be used to update your email address?

"put"

 
What method would be used to remove a picture you've uploaded to your account?

"delete"

 
What method would be used to view a news article?

"get"

 

Task 4 HTTP Status Codes

What response code might you receive if you've created a new user or blog post article?

"201"

 
What response code might you receive if you've tried to access a page that doesn't exist?

"404"

 
What response code might you receive if the web server cannot access its database and the application crashes?

"503"

 
What response code might you receive if you try to edit your profile without logging in first?

"401"

 

Task 5 Headers

What header tells the web server what browser is being used?

"User-Agent"

 
What header tells the browser what type of data is being returned?

"Content-Type"

 
What header tells the web server which website is being requested?

"Host"

 

Task 6 Cookies

Which header is used to save cookies to your computer?

"set-cookie"

 

Task 7 Making Requests

 
 
For the first question, we select 'GET' as the request method and set the URL to 'http://tryhackme.com/room'. Sending the request gives us the answer to the first question.

For the second question, we make a 'GET' request to 'http://tryhackme.com/blog'.
Then we click on the settings icon and enter the value the question asks for.

Then we press the 'Go' button and we get our flag.

For the third question, we select 'DELETE' as the request method and set the URL to 'http://tryhackme.com/user/1'.
Then we get our flag.

For the fourth question, we select 'PUT' as the request method and set the URL to 'http://tryhackme.com/user/2'.
In the parameter section we add 'username' and set its value to 'admin'.

Then we get our flag.

For the last question, we select 'POST' as the request method and add the username and password parameters, setting them to 'thm' and 'letmein' respectively.

We set the URL to 'http://tryhackme.com/login' and send the request.
Then we get our last flag.
 
The answers to the questions are as follows.

Make a GET request to /room

"THM{YOU'RE_IN_THE_ROOM}"

 
Make a GET request to /blog and using the gear icon set the id parameter to 1 in the URL field

"THM{YOU_FOUND_THE_BLOG}"

 
Make a DELETE request to /user/1

"THM{USER_IS_DELETED}"

 
Make a PUT request to /user/2 with the username parameter set to admin

"THM{USER_HAS_UPDATED}"

 
POST the username of thm and a password of letmein to /login

"THM{HTTP_REQUEST_MASTER}"
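
The five Task 7 requests written out as raw HTTP/1.1 text, as an added example that is not part of the original walkthrough or the room. It only builds and parses strings and sends nothing. The `build_request` and `parse_request` helpers, the User-Agent value, and the choice of a form-encoded body for PUT and POST are assumptions.

```python
from urllib.parse import urlencode, urlsplit

def build_request(method, url, query=None, form=None):
    """Return the raw HTTP/1.1 request text a client would send (hypothetical helper)."""
    parts = urlsplit(url)
    target = parts.path or "/"
    if query:  # parameters set "in the URL field" travel in the query string
        target += "?" + urlencode(query)
    # Host tells the server which site is requested; User-Agent names the client
    headers = [("Host", parts.netloc), ("User-Agent", "example-client/1.0")]
    body = ""
    if form:  # assumption: PUT/POST parameters go in a form-encoded body
        body = urlencode(form)
        headers += [("Content-Type", "application/x-www-form-urlencoded"),
                    ("Content-Length", str(len(body.encode())))]
    lines = [f"{method} {target} HTTP/1.1"] + [f"{k}: {v}" for k, v in headers]
    # A blank line (CRLF CRLF) separates the headers from the body
    return "\r\n".join(lines) + "\r\n\r\n" + body

def parse_request(raw):
    """Split raw request text back into (method, target, headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    request_line, *header_lines = head.split("\r\n")
    method, target, _version = request_line.split(" ")
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()  # header names are case-insensitive
    # Content-Length tells the receiver how many body bytes to expect
    length = int(headers.get("content-length", 0))
    return method, target, headers, body.encode()[:length].decode()

BASE = "http://tryhackme.com"  # URL used in the walkthrough
TASK7 = [
    build_request("GET", BASE + "/room"),
    build_request("GET", BASE + "/blog", query={"id": 1}),
    build_request("DELETE", BASE + "/user/1"),
    build_request("PUT", BASE + "/user/2", form={"username": "admin"}),
    build_request("POST", BASE + "/login",
                  form={"username": "thm", "password": "letmein"}),
]

if __name__ == "__main__":
    for raw in TASK7:
        print(raw.replace("\r\n", "\n"), end="\n---\n")
```

Because the URL is plain `http://`, the POST body with the username and password would cross the network unencrypted, which is the gap HTTPS from Task 1 closes.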