Points: 200
Tags: picoCTF 2022, Web Exploitation
Author: MUBARAK MIKAIL
Description:
The flag is somewhere on this web application not necessarily on the website. Find it.
Check this out.
Hints:
(None)
Challenge link: https://play.picoctf.org/practice/challenge/291
The challenge name suggests that we should investigate the robots.txt file.
Fetch the robots.txt file from the website with curl:
┌──(kali㉿kali)-[/mnt/…/picoCTF/picoCTF_2022/Web_Exploitation/Roboto_Sans]
└─$ curl http://saturn.picoctf.net:59901/robots.txt
User-agent *
Disallow: /cgi-bin/
Think you have seen your flag or want to keep looking.
ZmxhZzEudHh0;anMvbXlmaW
anMvbXlmaWxlLnR4dA==
svssshjweuiwl;oiho.bsvdaslejg
Disallow: /wp-admin/
Hmm, we have a number of encoded strings. Some of them seem to be base64 encoded.
Trying different combinations of the encoded strings above, we get a lot of invalid input
errors.
But we get the following readable data:
┌──(kali㉿kali)-[/mnt/…/picoCTF/picoCTF_2022/Web_Exploitation/Roboto_Sans]
└─$ echo "ZmxhZzEudHh0" | base64 -d
flag1.txt
┌──(kali㉿kali)-[/mnt/…/picoCTF/picoCTF_2022/Web_Exploitation/Roboto_Sans]
└─$ echo "anMvbXlmaWxlLnR4dA==" | base64 -d
js/myfile.txt
So we have two possible locations for the flag file:
- flag1.txt
- js/myfile.txt
Let's try both of them.
┌──(kali㉿kali)-[/mnt/…/picoCTF/picoCTF_2022/Web_Exploitation/Roboto_Sans]
└─$ curl http://saturn.picoctf.net:59901/flag1.txt
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.21.6</center>
</body>
</html>
┌──(kali㉿kali)-[/mnt/…/picoCTF/picoCTF_2022/Web_Exploitation/Roboto_Sans]
└─$ curl http://saturn.picoctf.net:59901/js/myfile.txt
picoCTF{<REDACTED>}
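The manual decoding above can be turned into a check that a site owner runs over their own robots.txt before publishing it, to catch file paths hidden as base64 in non-directive lines. This is an added example, not part of the original write-up; the function names and the path-like heuristic are assumptions chosen for illustration.

```python
import base64
import binascii
import re

# Constructed sample: the robots.txt body shown in the curl output above.
SAMPLE_ROBOTS = """\
User-agent *
Disallow: /cgi-bin/
Think you have seen your flag or want to keep looking.
ZmxhZzEudHh0;anMvbXlmaW
anMvbXlmaWxlLnR4dA==
svssshjweuiwl;oiho.bsvdaslejg
Disallow: /wp-admin/
"""

# Ordinary directives are skipped; anything else in the file is suspicious.
DIRECTIVE = re.compile(r"^\s*(user-agent|disallow|allow|sitemap|crawl-delay)\b", re.I)
# Candidate base64 runs: at least 8 alphabet characters plus optional padding.
TOKEN = re.compile(r"[A-Za-z0-9+/]{8,}={0,2}")
# Hypothetical heuristic: the decoded text looks like a file path with an extension.
PATHLIKE = re.compile(r"^[\w./-]+\.\w+$")


def decode_token(token):
    """Return the decoded path if token is strict base64 of a path-like string."""
    if len(token) % 4:  # truncated fragments give "invalid input" in base64 -d
        return None
    try:
        text = base64.b64decode(token, validate=True).decode("ascii")
    except (binascii.Error, ValueError):  # bad alphabet/padding or non-ASCII bytes
        return None
    return text if PATHLIKE.match(text) else None


def find_encoded_paths(robots_body):
    """Return (line number, token, decoded path) for each hidden path found."""
    findings = []
    for lineno, line in enumerate(robots_body.splitlines(), 1):
        if DIRECTIVE.match(line):
            continue
        for token in TOKEN.findall(line):
            decoded = decode_token(token)
            if decoded:
                findings.append((lineno, token, decoded))
    return findings


if __name__ == "__main__":
    for lineno, token, decoded in find_encoded_paths(SAMPLE_ROBOTS):
        print(f"line {lineno}: {token} -> {decoded}")
```

Any finding means the file discloses a path that base64 does not protect; the fix is to remove the entry and put access control on the resource itself.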
For additional information, please see the references below.