Client & Server


Web Basics.

Understanding the fundamental relationship between clients and servers



Challenges

Your First Request

🎯 What You'll Learn

  • What a client and server are
  • How to make your first HTTP request
  • Using curl to talk to servers

📖 The Concept

The web works on a simple model: clients ask for things, servers provide them.

┌──────────┐         Request          ┌──────────┐
│  CLIENT  │  ───────────────────────▶│  SERVER  │
│ (you)    │                          │          │
│          │◀───────────────────────  │          │
└──────────┘         Response         └──────────┘

Client: Any program that requests data (your browser, curl, an app)
Server: A program that waits for requests and sends back responses

When you type a URL in your browser:

  1. Your browser (client) sends a request to a server
  2. The server processes the request
  3. The server sends back a response (usually a web page)

🔧 The Tool: curl

curl is a command-line tool that lets you make HTTP requests. Think of it as a text-based web browser.

Basic syntax:

curl http://example.com

This sends a GET request to example.com and prints the response.

🚀 Your Challenge

A server is running and waiting for your request. Use curl to make a GET request and retrieve the flag!

curl http://challenge/

Good luck! 🍀

Connect with SSH

Link your SSH key, then connect with: ssh hacker@dojo.idg.ctf

Request & Response

🎯 What You'll Learn

  • The structure of HTTP requests and responses
  • HTTP headers and status codes
  • Using curl -v to see the full conversation

📖 The Concept

Every HTTP conversation has two parts: the request and the response.

HTTP Request Structure

GET /path HTTP/1.1          ← Request line (method, path, version)
Host: example.com           ← Headers (metadata)
User-Agent: curl/7.68.0
Accept: */*
                            ← Empty line
[optional body]             ← Request body (for POST, PUT, etc.)

HTTP Response Structure

HTTP/1.1 200 OK             ← Status line (version, code, message)
Content-Type: text/html     ← Headers
Content-Length: 1234
                            ← Empty line
<html>...</html>            ← Response body

Common Status Codes

  • 200 OK - Success!
  • 404 Not Found - Resource doesn't exist
  • 500 Internal Server Error - Server had a problem

🔧 Using curl -v (verbose)

To see the full request/response conversation:

curl -v http://example.com

Lines starting with > are what you SENT (request)
Lines starting with < are what you RECEIVED (response)
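
As an added example (not part of the original module), the shell functions below split a saved curl -v transcript into its sent and received sides and look up a response header by name. The transcript, the X-Example-Header name and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in the style of `curl -v http://challenge/ 2>&1`.
sample_transcript() {
cat <<'EOF'
*   Trying 127.0.0.1:80...
> GET / HTTP/1.1
> Host: challenge
> User-Agent: curl/7.68.0
> Accept: */*
>
< HTTP/1.1 200 OK
< Content-Type: text/html
< Content-Length: 1234
< X-Example-Header: constructed-value
<
<html>...</html>
EOF
}

# Print the start line and headers of one side: '>' = sent, '<' = received.
# Stops at the empty line that ends the headers, so a body line that happens
# to begin with '<' (like <html>) is never mistaken for a header.
side() {
    tr -d '\r' | awk -v m="$1" '
        $0 == m || $0 == m " " { exit }
        index($0, m " ") == 1  { print substr($0, 3) }'
}

# The status code is the second field of the status line.
status_code() { side '<' | awk 'NR == 1 { print $2 }'; }

# Look up a response header; header names are case-insensitive.
response_header() {
    side '<' | awk -v want="$1" '
        NR > 1 && (i = index($0, ":")) > 0 {
            value = substr($0, i + 1)
            sub(/^[ \t]+/, "", value)
            if (tolower(substr($0, 1, i - 1)) == tolower(want)) print value
        }'
}

sample_transcript | side '>'
echo "status: $(sample_transcript | status_code)"
echo "x-example-header: $(sample_transcript | response_header x-example-header)"
```

Lines beginning with * are curl's own progress notes and belong to neither side, so the functions ignore them.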

🚀 Your Challenge

The server will only give you the flag if you prove you understand HTTP.

Use curl -v to make a request and find a secret header in the response. Then make another request including that header name as a query parameter.

Step 1: See all headers

curl -v http://challenge/

Step 2: Find the secret header in the response (look for X-Secret-Header)

Step 3: Request with the header name

curl "http://challenge/verify?header=<header-name>"

Good luck! 🍀


Server Ports

🎯 What You'll Learn

  • What ports are and why they exist
  • Common port numbers
  • How to connect to different ports

📖 The Concept

A server computer can run many services at once. How does it know which service you want to talk to? Ports!

Think of it like an apartment building:

  • The IP address is the building's street address
  • The port is the apartment number

┌─────────────────────────────────────┐
│         Server (192.168.1.1)        │
├─────────┬─────────┬─────────────────┤
│ Port 80 │ Port 443│ Port 22         │
│  HTTP   │  HTTPS  │  SSH            │
│ (web)   │(secure) │(remote login)   │
└─────────┴─────────┴─────────────────┘

Common Ports

Port    Service    Description
80      HTTP       Standard web traffic
443     HTTPS      Secure web traffic
22      SSH        Secure shell (remote login)
21      FTP        File transfer
3306    MySQL      Database

Specifying Ports in URLs

http://example.com          ← Port 80 (default for http)
http://example.com:8080     ← Port 8080 (explicitly stated)
https://example.com         ← Port 443 (default for https)

🚀 Your Challenge

The flag is split across THREE different servers running on different ports!

Find all three parts:

  • Port 80 has the first part
  • Port 8080 has the second part
  • Port 9000 has the third part

curl http://challenge/
curl http://challenge:8080/
curl http://challenge:9000/

Combine all three parts to get the complete flag!

Good luck! 🍀


Localhost

🎯 What You'll Learn

  • What localhost means
  • The special IP address 127.0.0.1
  • Why localhost is useful for development

📖 The Concept

Localhost is your computer talking to itself!

Every computer has a special address reserved for internal communication:

  • 127.0.0.1 - The IP address for "this computer"
  • localhost - A hostname that maps to 127.0.0.1

┌────────────────────────────────────────┐
│            Your Computer               │
│  ┌──────────┐      ┌──────────┐        │
│  │  Client  │ ───▶ │  Server  │        │
│  │  (curl)  │      │ (local)  │        │
│  └──────────┘      └──────────┘        │
│         Both on the same machine!      │
└────────────────────────────────────────┘

Why Use Localhost?

  1. Development - Test your server before deploying
  2. Security - Service only accessible from this machine
  3. Speed - No network latency

Different Ways to Access Localhost

curl http://localhost/
curl http://127.0.0.1/
curl http://[::1]/          # IPv6 localhost

All three reach the same place - your own machine!
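
The "Security" point above depends on which address a service listens on. As an added example (not part of the original module), this script reads the output of ss -ltn (the iproute2 command that lists listening TCP sockets on Linux) and labels each listener as loopback-only or reachable from other machines. The sample output and function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `ss -ltn` output (not captured from a real host).
sample_listeners() {
cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128        127.0.0.1:8080      0.0.0.0:*
LISTEN 0      128          0.0.0.0:80        0.0.0.0:*
LISTEN 0      128            [::1]:9000         [::]:*
LISTEN 0      128             [::]:22           [::]:*
LISTEN 0      128      192.168.1.1:3306      0.0.0.0:*
EOF
}

# Print "<scope> <port> <address>" for every listening socket.
# scope is "loopback" (127.0.0.0/8 or ::1) or "exposed" (anything else,
# including the wildcard addresses 0.0.0.0, [::] and *).
classify_listeners() {
    awk '$1 == "LISTEN" {
        local_addr = $4
        n = match(local_addr, /:[0-9]+$/)   # the port follows the LAST colon
        if (n == 0) next
        addr = substr(local_addr, 1, n - 1)
        port = substr(local_addr, n + 1)
        gsub(/^\[|\]$/, "", addr)           # drop the brackets around IPv6
        scope = (addr ~ /^127\./ || addr == "::1") ? "loopback" : "exposed"
        print scope, port, addr
    }'
}

# Ports that other machines can reach, sorted, on one line.
exposed_ports() {
    classify_listeners | awk '$1 == "exposed" { print $2 }' | sort -n | paste -sd ' ' -
}

sample_listeners | classify_listeners
echo "exposed ports: $(sample_listeners | exposed_ports)"
```

On a real Linux host, pipe ss -ltn into classify_listeners instead of the sample.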

🚀 Your Challenge

The server is running locally but it's picky about how you address it!

The server will give you a clue for each address format you try. Visit all three to get the flag:

  1. First, try the hostname: curl http://localhost/
  2. Then, try IPv4: curl http://127.0.0.1/
  3. Finally, combine what you learned: curl "http://localhost/flag?token=<token>"

The token is revealed through steps 1 and 2!

Good luck! 🍀
