Hack Me If You Can
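A bit late to the party, but I tried solving the "puzzle that only the bottom 10% of bad engineers can't solve." I don't normally use curl, so it was good practice.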
Puzzle for Software Engineer 2
Call it exactly as instructed:
❯ curl http://challenge-your-limits2.herokuapp.com/call/my/APIs
{"error":"Ok. Let's get started! End Point is correct. But HTTP Method should be..."}
The HTTP method isn't GET. I'll try POST.
❯ curl -X POST http://challenge-your-limits2.herokuapp.com/call/my/APIs
{"error":"Nope. Keep trying. End Point is correct"}
Wrong again.
❯ curl -X DELETE http://challenge-your-limits2.herokuapp.com/call/my/APIs
{"message":"Well done! haha! Surprised? Yeah, the answer was DELETE. Ok. Next === /c2_users/:id/hacker_apply"}
It was DELETE.
❯ curl http://challenge-your-limits2.herokuapp.com/c2_users/:id/hacker_apply
{"error":"Please authenticate using Basic Auth with your username and password. You want a clue? Shout out 'help/me/out'"}
It says Basic authentication is required. I haven't registered anything, so I'll ask for help as the message suggests.
❯ curl http://challenge-your-limits2.herokuapp.com/help/me/out
{"message":"By the way, Have you already registered? This is the clue only for REGISTERED user. You should have your id before you check the clue. If you don't, go to /c2_users/ and register. Hey, Registered users! Here you go. === bit.ly/1T8gVdG === You don't know about 'bit.ly'? Google it!"}
It says I need to register as a user and get an id. For now I'll just try a POST.
❯ curl -X POST http://challenge-your-limits2.herokuapp.com/c2_users/
{"error":"Validation Error - [:username, \"can't be blank\"]"}
So a username is required. As in the previous quiz, I'll register with an email as well.
❯ curl -X POST -d"username=name&email=apoidgaji@example.com" http://challenge-your-limits2.herokuapp.com/c2_users/
{"id":4272,"username":"name","email":"apoidgaji@example.com","password":"dRTVOWjAUktfCyxc","comment":null,"created_at":"2021-11-01T05:59:53.709Z","updated_at":"2021-11-01T05:59:53.709Z"}
Registered! I'll retry the endpoint that returned an error earlier, this time with Basic authentication.
❯ curl -u name:dRTVOWjAUktfCyxc http://challenge-your-limits2.herokuapp.com/c2_users/:id/hacker_apply
{"error":"Your id is a bit weird. Can you check it?"}
It says the id is wrong. I'll put the ID that was just generated into the URL.
❯ curl -u name:dRTVOWjAUktfCyxc http://challenge-your-limits2.herokuapp.com/c2_users/4272/hacker_apply
{"message":"Awesome! Can you come over here? === R29vZCBqb2IhISBQbGVhc2UgYWNjZXNzIHRvIHRoZSB1cmwgZnJvbSB5b3VyIHdlYiBicm93c2VyLiA9PT0gXApodHRwOi8vY2hhbGxlbmdlLXlvdXItbGltaXRzMi5oZXJva3VhcHAuY29tL3dpbm5lcl9jb21tZW50cy81SU9oaF9UUDFuMFAtNlNJ You want a clue? Shout out 'give me a clue'"}
It worked! But I can't tell what this string of characters is. I'll ask for a hint.
❯ curl http://challenge-your-limits2.herokuapp.com/give/me/a/clue
{"error":"Don't forget to say 'please'"}
I get scolded and told to add "please" 😩
❯ curl http://challenge-your-limits2.herokuapp.com/please/give/me/a/clue
{"message":"Here you go === bit.ly/1MWLnZr === You don't know about 'bit.ly'? Google it!"}
I go to the page it points to.
It's telling me to decode it, so:
❯ echo -n 'R29vZCBqb2IhISBQbGVhc2UgYWNjZXNzIHRvIHRoZSB1cmwgZnJvbSB5b3VyIHdlYiBicm93c2VyLiA9PT0gXApodHRwOi8vY2hhbGxlbmdlLXlvdXItbGltaXRzMi5oZXJva3VhcHAuY29tL3dpbm5lcl9jb21tZW50cy9tV1VmaHo2Qkp2ZW5UbldI' | base64 -D
Good job!! Please access to the url from your web browser. === \
http://challenge-your-limits2.herokuapp.com/winner_comments/mWUfhz6BJvenTnWH
Done!
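Added example (not part of the original post): the `-u user:password` option used above sends the credentials as a Base64 `Authorization: Basic` header, the same reversible encoding as the hint decoded in the last step, and the challenge URLs are plain `http://`, so nothing encrypts that header in transit. The function names below are made up for this sketch, and the credentials are the sample pair from RFC 7617, not the ones from the post.

```shell
#!/bin/sh
# Added example: Basic auth is Base64 encoding, not encryption.

# Decode Base64 from stdin. GNU coreutils uses -d, while older macOS
# base64 uses -D (the flag used in the post), so try both.
b64decode() {
    input=$(cat)
    printf '%s' "$input" | base64 -d 2>/dev/null ||
        printf '%s' "$input" | base64 -D 2>/dev/null
}

# Build the header that `curl -u user:pass` sends (RFC 7617).
basic_auth_header() {
    token=$(printf '%s:%s' "$1" "$2" | base64 | tr -d '\n')
    printf 'Authorization: Basic %s' "$token"
}

# Recover "user:pass" from an Authorization header line, as anyone who
# can read the unencrypted HTTP request could.
decode_basic_auth() {
    token=${1#Authorization: Basic }
    printf '%s' "$token" | b64decode
}

# Split on the FIRST colon only: the user-id may not contain ':',
# but the password may (RFC 7617).
creds_user() { printf '%s' "${1%%:*}"; }
creds_pass() { printf '%s' "${1#*:}"; }

# Constructed sample credentials (RFC 7617 example pair).
hdr=$(basic_auth_header 'Aladdin' 'open sesame')
printf '%s\n' "$hdr"
creds=$(decode_basic_auth "$hdr")
printf 'user=%s pass=%s\n' "$(creds_user "$creds")" "$(creds_pass "$creds")"
```
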