Terminal: 404-FTW

Web Ring Area

Objective

Recover the Web Ring

Task 3: 404 FTW

Difficulty: 1/5 Christmas Trees Description: The next attack is forced browsing where the naughty one is guessing URLs. What's the first successful URL path in this attack?

Solution

Use the following filter in Wireshark.

ip.src == 18.222.86.32 and http.request.method == "GET"

The first GET request that isn't following the pattern of requesting existing resources is the GET /index request, number 23352. Update the Wireshark search filter to the following.

ip.src == 10.12.42.16 and ip.dst == 18.222.86.32 and http and !(http.response.code == 404)

The first 200 OK response after packet number 23352 is packet number 27716. Right-click this packet and select 'Follow HTTP Stream' to view the request packet as well. This shows that the requested resource was /proc.

Return to the Web Ring Area to submit the answer of /proc in the badge.