cURLing
Team up with Bow Ninecandle to send web requests from the command line using Curl, learning how to interact directly with web servers and retrieve information like a pro!
Challenge

I'm Bow Ninecandle, and while everyone's busy unpacking, I'd much rather invite you to try something more exciting - a curling challenge without ice! I'm talking about using Curl, a magical command-line tool for sending web requests - it's as simple as typing 'curl https://example.com' to start with, and while that's just scratching the surface, I'm here to help if you get stuck!

Solution
Silver medal

cURL Manual Hints: The official cURL man page has tons of useful information on how to use cURL.
cURL: Don't squash Hints: Take a look at cURL's "--path-as-is" option; it controls a default behavior that you may not expect!

We follow the instructions in the dialogue. We are already familiar with many of the options or can quickly find them using a search.

Welcome to Curling Fun!  We will learn some basic curl commands while playing a round of curling.
Are you ready to begin? [y]es: y

1) Unlike the defined standards of a curling sheet, embedded devices often have web servers on non-standard ports.  Use curl to retrieve the web page on host "curlingfun" port 8080.
If you need help, run the 'hint' command.
alabaster@curlingfun:~$ curl http://curlingfun:8080

2) Embedded devices often use self-signed certificates, where your browser will not trust the certificate presented.  Use curl to retrieve the TLS-protected web page at https://curlingfun:9090/
alabaster@curlingfun:~$ curl -k https://curlingfun:9090

3) Working with APIs and embedded devices often requires making HTTP POST requests. Use curl to send a request to https://curlingfun:9090/ with the parameter "skip" set to the value "alabaster", declaring Alabaster as the team captain.
alabaster@curlingfun:~$ curl -k -d "skip=alabaster" https://curlingfun:9090

4) Working with APIs and embedded devices often requires maintaining session state by passing a cookie.  Use curl to send a request to https://curlingfun:9090/ with a cookie called "end" with the value "3", indicating we're on the third end of the curling match.
alabaster@curlingfun:~$ curl -k --cookie "end=3" https://curlingfun:9090

5) Working with APIs and embedded devices sometimes requires working with raw HTTP headers.  Use curl to view the HTTP headers returned by a request to https://curlingfun:9090/
alabaster@curlingfun:~$ curl -k -v https://curlingfun:9090

6) Working with APIs and embedded devices sometimes requires working with custom HTTP headers.  Use curl to send a request to https://curlingfun:9090/ with an HTTP header called "Stone" and the value "Granite".
alabaster@curlingfun:~$ curl -k -H "Stone:Granite" https://curlingfun:9090

7) curl will modify your URL unless you tell it not to.  For example, use curl to retrieve the following URL containing special characters: https://curlingfun:9090/../../etc/hacks
alabaster@curlingfun:~$ curl -k --path-as-is "https://curlingfun:9090/../../etc/hacks"

Great work! 

You know... rumor has it you can breeze through this with just three commands. Why don’t you give it a whirl?
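Step 7 depends on curl's default path squashing. As an added example (not part of the original write-up and not curl's own code), this Python model follows RFC 3986 section 5.2.4 to show which path reaches the server with and without `--path-as-is`, next to a server-side check for paths that climb above the web root. The function names and the third sample path are assumptions constructed for illustration.

```python
from urllib.parse import unquote

def remove_dot_segments(path: str) -> str:
    """RFC 3986 section 5.2.4: merge "." and ".." segments out of a path."""
    out, buf = [], path
    while buf:
        if buf.startswith("../"):
            buf = buf[3:]
        elif buf.startswith("./") or buf.startswith("/./"):
            buf = buf[2:]
        elif buf == "/.":
            buf = "/"
        elif buf.startswith("/../") or buf == "/..":
            buf = "/" + buf[4:]   # "/.." -> "/", "/../x" -> "/x"
            if out:
                out.pop()         # drop the segment that ".." backs out of
        elif buf in (".", ".."):
            buf = ""
        else:                     # move the first segment to the output
            cut = buf.find("/", 1)
            cut = len(buf) if cut == -1 else cut
            out.append(buf[:cut])
            buf = buf[cut:]
    return "".join(out)

def request_path(url_path: str, path_as_is: bool) -> str:
    """Model (an assumption, not curl code) of the path sent on the wire."""
    return url_path if path_as_is else remove_dot_segments(url_path)

def climbs_above_root(raw_path: str) -> bool:
    """Server-side check: do ".." segments (also %2e-encoded) escape the root?"""
    depth = 0
    for seg in unquote(raw_path).split("/"):
        if seg == "..":
            depth -= 1
            if depth < 0:
                return True
        elif seg not in ("", "."):
            depth += 1
    return False

# The two paths from the challenge plus one constructed sample.
SAMPLES = ["/../../etc/hacks", "/../../etc/button", "/a/./b/../c"]

if __name__ == "__main__":
    for p in SAMPLES:
        print(f"{p!r}: default={request_path(p, False)!r} "
              f"as-is={request_path(p, True)!r} flagged={climbs_above_root(p)}")
```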

Gold medal

We only find the hard-mode challenge after looking around the file system a bit. From there, we build the commands as before.

alabaster@curlingfun:~$ cat HARD-MODE.txt 
Prefer to skip ahead without guidance?  Use curl to craft a request meeting these requirements:
- HTTP POST request to https://curlingfun:9090/
- Parameter "skip" set to "bow"
- Cookie "end" set to "10"
- Header "Hack" set to "12ft"

alabaster@curlingfun:~$ curl -k -d "skip=bow" --cookie "end=10" -H "Hack:12ft" https://curlingfun:9090
Excellent!  Now, use curl to access this URL: https://curlingfun:9090/../../etc/button
alabaster@curlingfun:~$ curl -k --path-as-is "https://curlingfun:9090/../../etc/button"
Great!  Finally, use curl to access the page that this URL redirects to: https://curlingfun:9090/GoodSportsmanship
alabaster@curlingfun:~$ curl -k -L "https://curlingfun:9090/GoodSportsmanship"

Excellent work, you have solved hard mode!  You may close this terminal once HHC grants your achievement.

I'm absolutely amazed at your web wizardry - you've mastered the Curl challenge faster than a curling stone on magical ice, and even managed to condense it all into just three commands! You're truly a Curling conjurer!