Cup of Joe
[mega]
Cup of Joe
On the first leg of the journey, I was looking at all the life, there were plants and hills and rocks and things, there was java and mugs and caffeine.
Recon
Page is about coffee and java... Hyper Text Coffee Pot Control Protocol
From page source:
<!-- Pssst this is the actual admin. We were lying.
We do want tea. Can you make us some? I know we have pretty
teapots somewhere -->
<form action="/coffeepot" method="BREW">
<Input type="Submit" value="Give Us Coffee"/>
</form>
We send a BREW.
$ curl -vv -X BREW http://chal.tuctf.com:32000/coffeepot
Server responds with a HTCPCP response:
HTCPCP/1.0 200 Success!
Server: JavaServer
Content-Length: 1043
Content-Type: text/html
But admin wants tea instead. We BREW over at /teapot
curl -vv -X BREW http://chal.tuctf.com:32000/teapot
> BREW /teapot HTTP/1.1
> Host: chal.tuctf.com:32000
> User-Agent: curl/7.61.0
> Accept: */*
HTCPCP/1.0 418 I'm a teapot. Go to /broken.zip
Server: JavaServer
Content-Length: 0
Content-Type: Short and stout
flag
$ unzip -l broken.zip
Archive: broken.zip
Length Date Time Name
--------- ---------- ----- ----
0 2019-11-29 23:01 broken/
499999744 2019-11-29 07:06 broken/broken.img
28 2019-11-29 23:01 broken/flag.txt
--------- -------
499999772 3 files
TUCTF{d0_y0u_cr4v3_th3_418}