Lidemy HTTP Challenge writeup

Here's the website

Level 0

• The token is on the screen

Level 1

• Just pass the name you like as the token

Level 2

• try pass the URL as this format: https://lidemy-http-challenge.herokuapp.com/lv2?token={HellOWOrld}&id=NUMBER

Level 3

• Write this code and run it by node FILE_NAME.js in the directory's terminal

const request = require('request');

request.post(
    'https://lidemy-http-challenge.herokuapp.com/api/books',// the request url
    // 因為 "POST 以及 PATCH 的 content type 為：application/x-www-form-urlencoded。"
    {form:{
        name: '《大腦喜歡這樣學》',
        ISBN: '9789863594475'
    }},
    (err, response, body) => {
        console.log(body)// get the result
    }
)

• After running it, you'll probably get a message and id(which is also the token)

• Get more application/x-www-form-urlencoded knowledge at here

Level 4

• After reading this

• You'll probably know that https://lidemy-http-challenge.herokuapp.com/api/books?q=世界 has the token

Level 5

• Create a .js file with these codes

const request = require('request');

request.delete(
    'https://lidemy-http-challenge.herokuapp.com/api/books/23',
    (err, response, body) => {
        console.log(body)
    }
)

• After running it by node FILE_NAME.js, you'll see the token

Level 6

• Enter the URL you'll find this

首先你必須準備好一組字串，內容為 base64(username:password)
舉例來說，如果 username 是 aaa，password 是 123 的話，就會是字串 aaa:123 拿去做 base64 編碼之後得到的結果
再把這個結果放到 Header 去，最後變成：Authorization: Basic YWFhOjEyMw==
只要帶上這個 Header 就可以驗證身份囉！

• Use Online base64 encoder to get the result of the 'Authorization'

• Therefore, create a file with codes below

const request = require('request');

const option = {
    url: 'https://lidemy-http-challenge.herokuapp.com/api/v2/me',
    headers: {
        'Authorization': 'Basic YWRtaW46YWRtaW4xMjM='
    }
}

function callback (error, response, body) {
    console.log(body)
}

request(option, callback)

• And you'll get this: {"username":"admin","email":"lib@lidemy.com"}

Level 7

• Create a file and code this

const request = require('request');

request.delete(
    {
        url: 'https://lidemy-http-challenge.herokuapp.com/api/v2/books/89',
        headers: {
            'Authorization': 'Basic YWRtaW46YWRtaW4xMjM='
        }
    }, 
    (error, response, body) => console.log(body)
)

• Run it to get the token

Level 8

• Use Online URI encoder to get the q value

• Code a file that could find the book information (and the target is the book with id 72)

const request = require('request');

const option = {
    url: `https://lidemy-http-challenge.herokuapp.com/api/v2/books?q=%E6%88%91`,
    headers: {
        'Authorization': 'Basic YWRtaW46YWRtaW4xMjM='
    }
}

function callback (error, response, body) {
    const json = JSON.parse(body)
    console.log(json)
}

request.get(option, callback)

• Run these codes to get the token

const request = require('request');

const option = {
    url: 'https://lidemy-http-challenge.herokuapp.com/api/v2/books/72',
    headers: {
        'Authorization': 'Basic YWRtaW46YWRtaW4xMjM='
    },
    form: {
        ISBN: '9981835423',
    }
}

function callback (error, response, body) {
    console.log(body)
}

request.patch(option, callback)

Level 9

• Open DevTools to get the value of user agent

• Run this file to get the token

const request = require('request');

const option = {
    url: 'https://lidemy-http-challenge.herokuapp.com/api/v2/sys_info',
    headers: {
        'Authorization': 'Basic YWRtaW46YWRtaW4xMjM=',
        'X-Library-Number': '20',
        'User-Agent': 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)'
    },
}

function callback (error, response, body) {
    console.log(body)
}

request.get(option, callback)

• Pass the version value to get the token

Level 10

• A "Guess the number game"

Level 11

• You'll get this after accessing the website

• First, run the code similar to the files before

const request = require('request');

request.get(
    'https://lidemy-http-challenge.herokuapp.com/api/v3/hello',
    (error, response, body) => {
        console.log(body)
    }
)

• But get 您的 origin 不被允許存取此資源，請確認您是從 lidemy.com 送出 request。
• So add the origin and it gave us the token

const request = require('request');

const option = {
    url: 'https://lidemy-http-challenge.herokuapp.com/api/v3/hello',
    headers: {
        'Origin': 'lidemy.com'
    },
}

function callback (error, response, body) {
    console.log(body)
}

request.get(option, callback)

Level 12

• After reading the file it provides, I decide to go to https://lidemy-http-challenge.herokuapp.com/api/v3/deliver_token
• And open DevTools >>> Network and you'll find the token

Level 13

• Enter this website and choose the one with HTTPS
• Change your proxy server to it
• Access https://lidemy-http-challenge.herokuapp.com/api/v3/logs to get the token

Level 14

• Run https://lidemy-http-challenge.herokuapp.com/lv14?token={SEOisHard}&hint=1 to get some clues

• Enter this website and grab one user agent

• Run this code to get the token

const request = require('request');

const option = {
    url: 'https://lidemy-http-challenge.herokuapp.com/api/v3/index',
    headers: {
        'User-Agent': 'Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)'
    },
}

function callback (error, response, body) {
    console.log(body)
}

request.get(option, callback)

Level 15