15Oca
cURL not returning status 302 after correct login for Hack the Box Machine ‘Crocodile’
cURL is returning a 200 status code after correct login. The common response code after user login should be 302. Why am I not receiving this status code? All information is provided below.
#!/usr/bin/env zsh
printf "\nsending raw request method: POST ..\n"
curl -X POST \
"http://10.129.1.15/login.php" \
-H '@reqsH.txt' \
-d '@reqsP.txt' \
--compressed -i -s > resp.txt
printf "\ndisplaying raw response: filtered ..\n"
grep --color=always -aiEw "((200|302)|server|cookie)|(?(<form.*>|</form>)|sign in|username|password|invalid|flag)" resp.txt -A 0
reqsH.txt
POST /login.php HTTP/2
Host: 10.129.1.15
Referer: http://10.129.1.15/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Cookie: PHPSESSID=o56egk21rt9g72p0nml211pk2u
reqsP.txt
username=admin&password=rKXM59ESxesUFHAd
