This challenge links directly to a file called “404.php”, which serves up the following content:
f00 not found Something is not right here??? btw...bounty $70
This is intentional, and not an accidental 404, given the level-specific bounty and the fact that it’s linked directly in the menu. Let’s try http://ctf.infosecinstitute/levelseven.php, since that’s the naming pattern all the other levels follow. Sure enough, it works. Kind of.
The page is blank, but instead of a 404 status code, we get 200. Well, not really:
The HTTP status is 200, but the status text should be “OK”, so let’s see what it actually says:
Ahh, another base64-encoded string. We came across that in level 2, so we’ll just use that atob() function again:
Easy enough! But why does this work? Did they hack the internet?!
The HTTP status code is separate from the status text – they’re just commonly used together. We can generate the same effect with PHP’s header function.
<?php die(header("HTTP/1.0 404 Just kidding, it's here."));
It’s important to note that some software (crawlers, for example) may only look at the status code. Generating random HTTP statuses because you can is generally not a useful thing to do in real life ;)
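A client or log-review check that looks at both halves of the status line makes the split visible. The following is an added example, not code from the original write-up: `parseStatusLine`, `inspectStatusLine` and the `STANDARD` table are names chosen here, and the sample status lines are constructed (the 404 phrase is the one from the PHP snippet above).

```javascript
// Reason phrases for a few common codes (subset of the RFC 9110 list).
const STANDARD = {
  200: "OK", 301: "Moved Permanently", 302: "Found",
  403: "Forbidden", 404: "Not Found", 500: "Internal Server Error",
};

// atob() in browsers and recent Node; Buffer as a fallback on older Node.
function decodeBase64(s) {
  return typeof atob === "function"
    ? atob(s)
    : Buffer.from(s, "base64").toString("latin1");
}

// Split an HTTP/1.x status line into version, numeric code and reason phrase.
function parseStatusLine(line) {
  const m = /^HTTP\/(\d\.\d) (\d{3})(?: (.*))?$/.exec(line.trim());
  if (!m) return null;
  return { version: m[1], code: Number(m[2]), reason: m[3] || "" };
}

// Flag a reason phrase that differs from the standard one for its code and,
// if it looks like base64 that decodes to printable ASCII, return the text.
function inspectStatusLine(line) {
  const parsed = parseStatusLine(line);
  if (!parsed) return { valid: false };
  const expected = STANDARD[parsed.code];
  const nonStandard = expected !== undefined && parsed.reason !== expected;
  let decoded = null;
  const looksBase64 = parsed.reason.length % 4 === 0 &&
    /^[A-Za-z0-9+\/]+={0,2}$/.test(parsed.reason);
  if (nonStandard && looksBase64) {
    const text = decodeBase64(parsed.reason);
    if (/^[\x20-\x7e]+$/.test(text)) decoded = text;
  }
  return { valid: true, ...parsed, nonStandard, decoded };
}

// Constructed sample status lines; the last reuses the phrase from the PHP snippet.
const SAMPLES = [
  "HTTP/1.1 200 OK",
  "HTTP/1.1 200 c2FtcGxl", // base64 of the constructed string "sample"
  "HTTP/1.0 404 Just kidding, it's here.",
];
for (const line of SAMPLES) console.log(line, "=>", inspectStatusLine(line));
```

Only HTTP/1.x carries a reason phrase on the wire; HTTP/2 and HTTP/3 responses have a status code only, so this check applies to HTTP/1.x traffic and logs.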