First Time Using Curl

Just got done with a quick CTF challenge.  The website had a login screen and that is it.  The code inside reference a index.html, and a checklogin.php file.  Checklogin.php should have the login code, so went to check that out, and it brought e back to min page.  Discovered during enumeration that a checklogin.php.bkp was there, and I couldn’t open that up in the browser.  Enter Curl!  very simple to use, curl just does a transfer of the URL to your cli interface.  I typed curl http:blah.com/checklogin.php.bkp and the flag was inside that file (not further enumeration needed but in real life or other pen test scenarios, I’m sure more would be needed)

Post Author: InfoSecJon

Info Sec Professional, Pen-Testing noob

Leave a comment or suggestion!