$ curl -s -X POST http://challenge.ctf.org/wwwsxyprn/api/register \ -H "Content-Type: application/json" \ -d '"user":"hacker","pass":"dummy"' -i
We have a valid session cookie.
Using gobuster (or dirsearch ) against the root: wwwsxyprn
The goal is to obtain the hidden flag ( CTF… ) that is stored on the server. $ curl -s -X POST http://challenge
X = "4a1d4dbc1e5b2a1c5e0f6d8e0b5f3e0a6c2d9d7d" wwwsxyprn