Skip to content

🧩 Introduction

Welcome to this CTF challenge set. Before diving into solving tasks, it’s important to understand how you will interact with the challenges themselves. Most of the tasks in this CTF involve communicating with a server through HTTP requests (GET, POST, etc.). This means you’ll need tools that allow you to send requests, inspect responses, and experiment with different inputs.

The good news is: you can solve all challenges using almost any operating system β€” whether you are on Windows, Linux, or macOS. The difference is mainly in which tools are most convenient for you.

πŸ–₯️ If You Are Using Windows

On Windows, the easiest way to get started is by using a graphical tool like Postman.

  • You can download the desktop app from Postman
  • Alternatively, you can use the web version directly in your browser (no installation required)

Postman provides a visual interface where you can:

  • Select request methods (GET, POST, DELETE, etc.)
  • Enter URLs
  • Add query parameters easily
  • Send JSON bodies
  • Modify headers

This makes it ideal for beginners because you don’t need to remember command syntax β€” everything is clickable and visible.

If you prefer working in the terminal, modern Windows systems also include curl, which allows you to send requests using command-line instructions.

🐧 If You Are Using Linux

On Linux, most users rely on the terminal, and the primary tool you’ll use is:

  • curl β€” a powerful command-line utility for sending HTTP requests

With curl, you can:

  • Send GET requests directly
  • Add query parameters
  • Send POST requests with JSON data
  • Include custom headers (like Authorization tokens)

It may feel less intuitive at first compared to graphical tools, but it gives you full control and is extremely efficient once you get used to it.

You can also install and use Postman on Linux if you prefer a graphical interface, but many CTF players stick to curl because it’s fast and scriptable.

🍎 If You Are Using macOS

macOS users have access to both worlds:

  • curl is pre-installed and works exactly like on Linux
  • Postman is available as a desktop application

You can choose whichever workflow suits you best β€” graphical (Postman) or terminal-based (curl).

🐍 Optional: Using Python

Since APIs are just HTTP requests, you can also solve challenges programmatically using Python.

With libraries like requests, you can:

  • Automate requests
  • Test multiple inputs quickly
  • Build scripts for more complex challenges

This approach becomes especially useful in later stages of CTFs where automation is required.

🧠 Choosing the Right Tool

There is no single β€œcorrect” tool β€” the best choice depends on your experience and preference:

  • Beginner β†’ Use Postman (visual and easy to understand)
  • Intermediate β†’ Start using curl
  • Advanced β†’ Combine curl and scripting (Python, bash)

In real CTF environments, participants often switch between tools depending on the situation.

πŸš€ Final Note

The goal of this CTF is not just to find flags, but to learn how APIs work in practice:

  • How requests are structured
  • How servers respond
  • How small changes affect behavior

The tools you choose are simply a way to explore these concepts. Focus on understanding what’s happening under the hood β€” that’s where the real skill is built.

Good luck, and enjoy the challenges.