{"id":191,"date":"2019-01-17T04:18:31","date_gmt":"2019-01-17T04:18:31","guid":{"rendered":"https:\/\/mrjsec.co.uk\/blog\/?p=191"},"modified":"2019-01-17T04:18:38","modified_gmt":"2019-01-17T04:18:38","slug":"holly-evergreen-curling-master-cranberry-pi-terminal","status":"publish","type":"post","link":"https:\/\/mrjsec.co.uk\/blog\/holly-evergreen-curling-master-cranberry-pi-terminal\/","title":{"rendered":"
Holly Evergreen – CURLing Master Cranberry Pi terminal<\/center>"},"content":{"rendered":"\n

Holly Evergreen wants us to restart the Candy Striper, and also hints “The trigger to restart the Candy Striper is an arcane HTTP call or 2.”<\/p>\n\n\n\n

\"\"<\/figure><\/div>\n\n\n\n

When we first enter the terminal, were informed that we could find hints in the file “\/etc\/nginx\/nginx.conf<\/a>“<\/p>\n\n\n\n

There are a couple of things to note here, one we can’t access “\/var\/www\/html\/” (bash: cd: \/var\/www\/html\/: Permission denied) \ud83d\ude41
Also, “listen 8080 http2;” But we already know this because of the hint from Holly Evergreen.<\/p>\n\n\n\n

We need to curl the URL http:\/\/localhost:8080\/, but one thing I noticed was the “.bash_history” and how it already had the curl command ready! (If it’s there, then I guess we can use it? Finder’s Keepers!).<\/p>\n\n\n\n

\"\"<\/figure><\/div>\n\n\n\n

Cool! We can use curl –http2-prior-knowledge http:\/\/localhost:8080\/ and that gives us.<\/p>\n\n\n\n

\"\"<\/figure><\/div>\n\n\n\n

“To turn the machine on, simply POST to this URL with parameter “status=on”<\/p>\n\n\n\n

Simple enough, entering “curl –http2-prior-knowledge -d “status=on” -X POST http:\/\/localhost:8080\/” returns us with.<\/p>\n\n\n\n

\"\"<\/figure><\/div>\n\n\n\n

Curl is not something new, and it is not something too hard to learn, there are many guides, examples and videos on how to use curl.
Fun little challenge \ud83d\ude42<\/p>\n\n\n\n

Bonus<\/em><\/strong><\/p>\n\n\n\n

I did mess around with the website and curling and found two funky things about it, which I like as it guides newcomers to the correct path.<\/p>\n\n\n\n

If you send a GET, you get this back “curl –http2-prior-knowledge -X POST http:\/\/localhost:8080\/index.php?status=on”<\/p>\n\n\n\n

\"\"<\/figure><\/div>\n\n\n\n

Moreover, if you do get the command correct, but you send the wrong parameter, i.e. “curl –http2-prior-knowledge -d “param1=on” -X POST http:\/\/localhost:8080\/” You get.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

I liked this, as this challenge was forgiving and didn’t expect you to be a master of curl, N1 one devs <3.<\/p>\n\n\n\n

References:
\nhttps:\/\/gist.github.com\/subfuzion\/08c5d85437d5d4f00e58<\/p>\n","protected":false},"excerpt":{"rendered":"

Holly Evergreen wants us to restart the Candy Striper, and also hints “The trigger to restart the Candy Striper is an arcane HTTP call or 2.” When we first enter the terminal, were informed that…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[10],"tags":[13,14,12],"class_list":["post-191","post","type-post","status-publish","format-standard","hentry","category-kringlecon-2018","tag-13","tag-ctf","tag-kringlecon"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/paD3U6-35","_links":{"self":[{"href":"https:\/\/mrjsec.co.uk\/blog\/wp-json\/wp\/v2\/posts\/191","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mrjsec.co.uk\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mrjsec.co.uk\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mrjsec.co.uk\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mrjsec.co.uk\/blog\/wp-json\/wp\/v2\/comments?post=191"}],"version-history":[{"count":1,"href":"https:\/\/mrjsec.co.uk\/blog\/wp-json\/wp\/v2\/posts\/191\/revisions"}],"predecessor-version":[{"id":198,"href":"https:\/\/mrjsec.co.uk\/blog\/wp-json\/wp\/v2\/posts\/191\/revisions\/198"}],"wp:attachment":[{"href":"https:\/\/mrjsec.co.uk\/blog\/wp-json\/wp\/v2\/media?parent=191"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mrjsec.co.uk\/blog\/wp-json\/wp\/v2\/categories?post=191"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mrjsec.co.uk\/blog\/wp-json\/wp\/v2\/tags?post=191"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}