HtB - CA2023 - Persistence

HackTheBox Cyber Apocalypse 2023

Thousands of years ago, sending a GET request to /flag would grant immense power and wisdom. now it’s broken and usually returns random data, but keep trying, and you might get lucky… Legends say it works once every 1000 tries.

Solution

The goal of this challenge is worded quite blatantly in the description.. We’ll just create a quick one-line bash script to submit curl requests and pipe that to grep to intercept the response that returns the flag;

After some time we get our flag;

Flag HTB{y0u_h4v3_p0w3rfuL_sCr1pt1ng_ab1lit1eS!}