HTTP for Dummies Exercises

These exercises are to be completed along with the HTTP for Dummies presentation

To start the challenge simply click on the Try in PWD button. You will need to login using a docker hub account to access the platform.

Exercise 1 - Banner Grabbing

Question: What is the banner of the web server running?

Open port: 8080

Exercise 2 - 404

Question: Have you checked for 404 error messages?

Open port: 8081

Exercise 3 - Enumeration Above All

Question: Enumeration is one of the most important phases when it comes to web application security assessments. It is vital to identify the attack surface before testing the application’s functionality. Your task is to identify the resource which contains the flag on the server.

Open port: 8082

Exercise 4 - Know your Verbs

Question: What methods does the web server support? Can you get the flag?

Open port: 8083

Exercise 5 - Everyone gets a Cookie

Question: Can you find the flag on the server? Cookies anyone?

Open port: 8084

Exercise 6 - HTTP Versions

Question: The web application should be accessed only using HTTP 1.0.

Open port: 8085

Exercise 7 - Redirections

Question: Be aware of HTTP redirections, sometimes there is information exposed but can be easily missed. Find the flag.

Open port: 8086

Exercise 8 - Secure Browser

Question: The web application can be accessed only via the “Secure Browser”.

Open port: 8087

Exercise 9 - Virtual Hosts

Question: A single web server can host multiple web applications. Find the flag

Open port: 8088