Challenge Overview
The challenge involved using CURL to interact with a web service at 'curlingfun', demonstrating understanding of HTTP/HTTPS concepts and CURL command options.
Challenge Components
1. Non-Standard Ports
Task: Access webserver on non-standard port 8080
curl http://curlingfun:8080/
Concept: Web services can run on ports other than standard 80/443
2. Self-Signed Certificates
Task: Access HTTPS with self-signed cert
curl -k https://curlingfun:9090/
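Concept: The -k (--insecure) flag tells curl to skip certificate verification, so it accepts the untrusted self-signed certificate; the connection is still encrypted, but the server's identity is not checked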
3. POST Requests
Task: Send POST with "skip=alabaster"
curl -k -X POST -d "skip=alabaster" https://curlingfun:9090/
Concept: Sending data using HTTP POST method
4. Cookie Management
Task: Send request with cookie "end=3"
curl -k -b "end=3" https://curlingfun:9090/
Concept: Setting cookies in HTTP requests
5. Viewing HTTP Headers
Task: View HTTP headers in response
curl -k -v https://curlingfun:9090/
Concept: Inspecting HTTP response headers
6. Custom Headers
Task: Send custom header "Stone: Granite"
curl -k -H "Stone: Granite" https://curlingfun:9090/
Concept: Adding custom headers to requests
7. Path Preservation
Task: Access URL with special characters
curl -k --path-as-is https://curlingfun:9090/../../etc/hacks
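Concept: Preserving URL paths without normalization. By default curl squashes /../ and /./ sequences in the path before sending the request; --path-as-is sends the path exactly as typed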
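To make the normalization in task 7 concrete, the following added example (not part of the challenge or of curl's source) implements the RFC 3986 section 5.2.4 dot-segment removal in POSIX sh and compares the path sent by default with the one sent under --path-as-is. The function names and the sample paths other than the one from task 7 are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the challenge): RFC 3986 section 5.2.4
# "remove_dot_segments" in POSIX sh, the squashing that --path-as-is turns off.

remove_dot_segments() {
    inp=$1 out=
    while [ -n "$inp" ]; do
        case $inp in
            ../*)  inp=${inp#../} ;;                 # rule A: leading "../"
            ./*)   inp=${inp#./} ;;                  # rule A: leading "./"
            /./*)  inp=/${inp#/./} ;;                # rule B: "/./" -> "/"
            /.)    inp=/ ;;
            /../*) inp=/${inp#/../}; pop_segment ;;  # rule C: "/../" drops a segment
            /..)   inp=/; pop_segment ;;
            .|..)  inp= ;;                           # rule D: bare "." or ".."
            *)                                       # rule E: move one segment over
                seg=${inp#/}; seg=${seg%%/*}
                case $inp in /*) seg=/$seg ;; esac
                out=$out$seg
                inp=${inp#"$seg"} ;;
        esac
    done
    printf '%s\n' "$out"
}

# Remove the last output segment and its preceding "/", if any.
pop_segment() {
    case $out in */*) out=${out%/*} ;; *) out= ;; esac
}

# Path that goes on the request line: raw with "as-is", squashed otherwise.
request_path() {
    if [ "${2:-}" = "as-is" ]; then printf '%s\n' "$1"
    else remove_dot_segments "$1"; fi
}

# Defender's check: true when a logged request path still carries dot segments.
has_dot_segments() {
    [ "$(remove_dot_segments "$1")" != "$1" ]
}

# Constructed sample paths, including the one from task 7.
for p in /../../etc/hacks /docs/./a/../b /index.html; do
    if has_dot_segments "$p"; then flag=RAW-DOTS; else flag=clean; fi
    printf '%-18s default=%-12s as-is=%-18s %s\n' "$p" \
        "$(request_path "$p")" "$(request_path "$p" as-is)" "$flag"
done
```

Because the default client behaviour removes these segments, a server that receives a path where has_dot_segments is true should normalize it before mapping it to a file, rather than assuming the client already did.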
Bonus Challenge
Hard Mode: Combine multiple requirements in one command
curl -k -X POST -d "skip=bow" -b "end=10" -H "Hack: 12ft" https://curlingfun:9090/
Key Learning Points
- CURL command-line options
- HTTP/HTTPS concepts
- Web security considerations
- Certificate handling
- HTTP methods and headers
- Cookie management
- URL path handling
Solution Strategy
- Understand each individual requirement
- Test commands separately first
- Look for ways to combine flags efficiently
- Verify each step's success
- Consider security implications