Hack Me If You Can
今更ながら、下位10%のダメなエンジニアにだけ解けないパズルを解いてみました。 curlは普段使わないので練習になりました
Puzzle for Software Engineer 2
このとおりに叩く
❯ curl http://challenge-your-limits2.herokuapp.com/call/my/APIs
{"error":"Ok. Let's get started! End Point is correct. But HTTP Method should be..."}
HTTP MethodがGETじゃない。POSTにしてみる
❯ curl -X POST http://challenge-your-limits2.herokuapp.com/call/my/APIs
{"error":"Nope. Keep trying. End Point is correct"}
~
また違う
❯ curl -X DELETE http://challenge-your-limits2.herokuapp.com/call/my/APIs
{"message":"Well done! haha! Surprised?
Yeah, the answer was DELETE.
Ok. Next === /c2_users/:id/hacker_apply"}
DELETEだった。
❯ curl http://challenge-your-limits2.herokuapp.com/c2_users/:id/hacker_apply
{"error":"Please authenticate using Basic Auth with your username and password.
You want a clue?
Shout out 'help/me/out'"}
Basic認証が必要とのこと。何も登録してないので、メッセージに沿って助けを請うてみる
❯ curl http://challenge-your-limits2.herokuapp.com/help/me/out
{"message":"By the way, Have you already registered?
This is the clue only for REGISTERED user.
You should have your id before you check the clue.
If you don't, go to /c2_users/ and register.
Hey, Registered users!
Here you go. === bit.ly/1T8gVdG ===
You don't know about 'bit.ly'? Google it!"}
~
ユーザー登録してidが必要だよとのこと。とりあえずPOSTしてみる
❯ curl -X POST http://challenge-your-limits2.herokuapp.com/c2_users/
{"error":"Validation Error - [:username, \"can't be blank\"]"}
usernameが必要と。前回のクイズ同様emailも合わせて登録してみる。
❯ curl -X POST -d"username=name&email=apoidgaji@example.com" http://challenge-your-limits2.herokuapp.com/c2_users/
{"id":4272,"username":"name","email":"apoidgaji@example.com","password":"dRTVOWjAUktfCyxc","comment":null,"created_at":"2021-11-01T05:59:53.709Z","updated_at":"2021-11-01T05:59:53.709Z"}
登録できた! さっきエラーになった箇所をBasic認証で試してみる。
❯ curl -u name:dRTVOWjAUktfCyxc http://challenge-your-limits2.herokuapp.com/c2_users/:id/hacker_apply
{"error":"Your id is a bit weird. Can you check it?"}
~
idがおかしいとのこと。さっき生成されたIDをurl中に含める
❯ curl -u name:dRTVOWjAUktfCyxc http://challenge-your-limits2.herokuapp.com/c2_users/4272/hacker_apply
{"message":"Awesome! Can you come over here? === R29vZCBqb2IhISBQbGVhc2UgYWNjZXNzIHRvIHRoZSB1cmwgZnJvbSB5b3VyIHdlYiBicm93c2VyLiA9PT0gXApodHRwOi8vY2hhbGxlbmdlLXlvdXItbGltaXRzMi5oZXJva3VhcHAuY29tL3dpbm5lcl9jb21tZW50cy81SU9oaF9UUDFuMFAtNlNJ You want a clue? Shout out 'give me a clue'"}
~
できた!けど、なんの文字の羅列かわからない。ヒントを貰う。
❯ curl http://challenge-your-limits2.herokuapp.com/give/me
/a/clue
{"error":"Don't forget to say 'please'"}
~
Pleaseをつけろと注意される😩
❯ curl http://challenge-your-limits2.herokuapp.com/please/give/me/a/clue
{"message":"Here you go === bit.ly/1MWLnZr === You don't know about 'bit.ly'? Google it!"}
指定のページに飛ぶ。
デコードしろってことなので、
❯ echo -n 'R29vZCBqb2IhISBQbGVhc2UgYWNjZXNzIHRvIHRoZSB1cmwgZnJvbSB5b3VyIHdlYiBicm93c2VyLiA9PT0gXApodHRwOi8vY2hhbGxlbmdlLXlvdXItbGltaXRzMi5oZXJva3VhcHAuY29tL3dpbm5lcl9jb21tZW50cy9tV1VmaHo2Qkp2ZW5UbldI' | base64 -D Good job!! Please access to the url from your web browser. === \ http://challenge-your-limits2.herokuapp.com/winner_comments/mWUfhz6BJvenTnWH ~ ❯
できた!
