Challenge Author: MADSTACKS
Category: Web Exploitation
Difficulty: Easy
Description
There is some interesting information hidden around this site. Can you find it?
Process / Notes
- Open site
- Two tabs - how and what
- How = liking the website; what = HTML, CSS, JS were used to make the site
- Examine the source code
- First part of the flag in some <!-- --> comment text toward the bottom
- Remembering to check the embedded CSS and JS, will check those at the top
- Another part of the flag in the CSS
- Seemingly nothing of note in the JS
- Inspector to see about running the JS
- No wait, the clue is “how can I keep Google from indexing my website?” - the robots.txt!
- Adding ‘/robots.txt’ to the URL got me the third part of the flag
- Next hint is that it’s an Apache server
- Reading how to interact with an Apache server and nothing’s coming of it
- At 18:40 looking up what to do next in the challenge
- Add ‘/.htaccess’ to the URL! Definitely wouldn’t have figured that out by chance
- Next clue is about making websites on their Mac because they can store a lot of information
- Checking the storage in the inspector
- Nothing there
- From the walk-through, it’s actually under another URL change to ‘/.DS_Store’
- That contained the last part of the flag
22 minutes 23 seconds to complete
Hints
Core Lessons
- Understand how to access the page source and the embedded CSS and JS
- Understand various endings to URLs including /robots.txt, /.htaccess, and /.DS_Store
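
The same findings from the site owner's side, as an added example that is not part of the original write-up: a Python check that audits a local web root before deployment for the leaks this challenge relied on (comments shipped to clients, robots.txt entries, .htaccess and .DS_Store). The function names, file names and file contents in demo() are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Files from the write-up that a production web root should not serve.
LEAKY_NAMES = {".htaccess", ".DS_Store"}
# HTML comments and CSS/JS block comments are delivered to every visitor.
COMMENT_RE = re.compile(r"<!--(.*?)-->|/\*(.*?)\*/", re.DOTALL)

def audit_webroot(root):
    """Return sorted (relative_path, finding) tuples for a local web root."""
    root = Path(root)
    findings = []
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        if path.name in LEAKY_NAMES:
            findings.append((rel, "config/metadata file inside web root"))
        elif path.name == "robots.txt":
            for line in path.read_text(errors="replace").splitlines():
                key, _, value = line.partition(":")
                if key.strip().lower() == "disallow" and value.strip():
                    findings.append((rel, "Disallow reveals path: " + value.strip()))
        elif path.suffix in {".html", ".css", ".js"}:
            for m in COMMENT_RE.finditer(path.read_text(errors="replace")):
                text = (m.group(1) or m.group(2) or "").strip()
                if text:
                    findings.append((rel, "comment shipped to clients: " + text))
    return sorted(findings)

def demo():
    """Audit a constructed web root laid out like the challenge site."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "index.html").write_text("<p>hi</p><!-- part one of a secret -->")
        (root / "mycss.css").write_text("p { color: red; }\n/* part two */\n")
        (root / "robots.txt").write_text("User-agent: *\nDisallow: /index.html\n")
        (root / ".htaccess").write_text("# part four\n")
        (root / ".DS_Store").write_bytes(b"\x00\x00\x00\x01Bud1")
        return audit_webroot(root)

if __name__ == "__main__":
    for rel, finding in demo():
        print(f"{rel}: {finding}")
```

A robots.txt finding is informational: the file is public by design, so anything listed under Disallow should be treated as known to every visitor.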