Upon visiting the URL, you will be shown the following (and nothing else).
Basically, the hint of the problem is given in the name itself ("Agent007").
We have to change the User-Agent
to "007" to get the flag from the server. A simple curl
command can do it.
curl --user-agent "007" "https://agent007.ductf.com/"
This will return the following:
Congratulations Agent 007!
duCTF{user_agent_is_not_a_secure_way_to_authenticate}
Flag: duCTF{user_agent_is_not_a_secure_way_to_authenticate}
Server is performing a check for the User-Agent
like this:
app.get('/', (req, res) => {
const userAgent = req.get('User-Agent');
if (userAgent && userAgent === '007') {
res.send('Congratulations Agent 007!\nduCTF{user_agent_is_not_a_secure_way_to_authenticate}');
} else {
res.send('I never miss.');
}
});