picoCTF Web Exploitation: Scavenger Hunt
Introduction
Hello everyone!
This post covers the solution to the Scavenger Hunt challenge, which is part of the picoCTF Web Exploitation category.
Challenge Description
There is some interesting information hidden around this site http://mercury.picoctf.net:44070/. Can you find it?
Category: Web Exploitation
Hints
You should have enough hints to find the files, don’t run a brute forcer.
Approach
Inspect the element to get the source code of the website.
Look into the html file, css file and the javascript file.
This HTML comment, <!-- Here’s the first part of the flag: picoCTF{t -->, provides us with the first part of the flag.
Next, there are some files linked from the page, namely the CSS and JS. Adding /mycss.css to the URL gives access to the CSS file.
Here we have the next part of the flag: /* CSS makes the page look nice, and yes, it also has part of the flag. Here’s part 2: h4ts_4_l0 */
Checking the JS file reveals another comment:
/* How can I keep Google from indexing my website? */ This clue made me think of web crawlers and the use of a robots exclusion file (robots.txt). I added /robots.txt to the URL.
Here is Part 3: t_0f_pl4c and a clue to the next part: I think this is an apache server… can you Access the next flag? The hint is the capitalized word “Access”. The .htaccess file manages Apache server permissions, so I replaced /robots.txt with /.htaccess.
Again, there is Part 4: 3s_2_lO0k alongside a hint like the previous one. The hint refers to a “Store” on Mac that stores a lot of information. The .DS_Store file on macOS stores how the desktop and folder views look. Now replacing .htaccess with .DS_Store gives the last part.
The flag is complete.
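The walk through above is a fixed sequence of places to look (an HTML comment, CSS and JS comments, robots.txt, .htaccess, .DS_Store) and a fixed way to glue what is found together. The script below is an added example, not the challenge's or the author's own code: it pulls "Part N" fragments out of the comments of each file type, assembles them in order, and, from the defender's side, reports which of the files that a web server should never serve were actually returned. The site contents are constructed stand-ins for the challenge responses (the .htaccess hint text and the Part 5 body are invented to match the write-up), so everything runs offline with no HTTP.

```python
"""Collect flag fragments from the places this scavenger hunt hides them and
report the files that should never have been served.

Added example, not the challenge's own code. The site contents below are
constructed stand-ins for the challenge responses; nothing is fetched over
the network.
"""
import re
from typing import Dict, List, Optional

# Constructed sample site: path -> response body (not the real challenge files).
SAMPLE_SITE: Dict[str, str] = {
    "/": (
        "<html><head><link rel='stylesheet' href='mycss.css'>"
        "<script src='myjs.js'></script></head><body>"
        "<!-- Here's the first part of the flag: picoCTF{t -->"
        "<h1>Scavenger Hunt</h1></body></html>"
    ),
    "/mycss.css": "body { margin: 0; } /* Here's part 2: h4ts_4_l0 */",
    "/myjs.js": "/* How can I keep Google from indexing my website? */\nalert(1);",
    "/robots.txt": (
        "User-agent: *\nDisallow: /.htaccess\n"
        "# Part 3: t_0f_pl4c\n"
        "# I think this is an apache server... can you Access the next flag?"
    ),
    "/.htaccess": "# Part 4: 3s_2_lO0k\n# Hint (constructed): check the Mac Store file.",
    "/.DS_Store": "Part 5: _7a46d25d}",  # constructed; real .DS_Store files are binary
}

# Files a web server should never hand to a browser. Apache's stock httpd.conf
# denies ".ht*" with a <Files> block; .DS_Store needs its own rule, or better,
# must never be deployed at all.
SENSITIVE_PATHS = ("/.htaccess", "/.DS_Store")

# Matches "Part N: token" or "the first part of the flag: token"; the fragment
# is everything up to the next whitespace.
FRAGMENT_RE = re.compile(r"(?i)\b(?:(first)\s+part|part\s*(\d+))\b[^:\n]*:\s*(\S+)")


def comments_for(path: str, body: str) -> List[str]:
    """Return the comment strings in a response, chosen by file type."""
    if path.endswith((".css", ".js")):
        return re.findall(r"/\*(.*?)\*/", body, re.S)
    if path == "/" or path.endswith((".html", ".htm")):
        return re.findall(r"<!--(.*?)-->", body, re.S)
    if path.endswith((".txt", ".htaccess")):
        return [ln[1:] for ln in body.splitlines() if ln.startswith("#")]
    return [body]  # anything else (e.g. the .DS_Store stand-in) is read as-is


def find_fragments(site: Dict[str, str]) -> Dict[int, str]:
    """Map part number -> fragment across every comment on the site."""
    parts: Dict[int, str] = {}
    for path, body in site.items():
        for text in comments_for(path, body):
            for first, num, token in FRAGMENT_RE.findall(text):
                parts[1 if first else int(num)] = token
    return parts


def assemble_flag(site: Dict[str, str]) -> Optional[str]:
    """Join parts 1..N in order; None if a part is missing or the flag is unclosed."""
    parts = find_fragments(site)
    if not parts or set(parts) != set(range(1, max(parts) + 1)):
        return None
    flag = "".join(parts[i] for i in range(1, max(parts) + 1))
    return flag if flag.endswith("}") else None


def exposed_sensitive_paths(site: Dict[str, str]) -> List[str]:
    """Audit view: which of the must-not-serve files were actually served."""
    return [p for p in SENSITIVE_PATHS if p in site]


if __name__ == "__main__":
    print("fragments:", find_fragments(SAMPLE_SITE))
    print("flag:", assemble_flag(SAMPLE_SITE))
    print("exposed:", exposed_sensitive_paths(SAMPLE_SITE))
```

Running it prints the five fragments, the assembled flag, and both sensitive paths as exposed. The audit function is the part worth keeping outside a CTF: a stock Apache configuration already refuses to serve .htaccess (the `<Files ".ht*">` block with `Require all denied`), so a 200 response for it means the default protection was removed, and a served .DS_Store means a developer's Finder metadata was uploaded along with the site.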
Flag
picoCTF{th4ts_4_l0t_0f_pl4c3s_2_lO0k_7a46d25d}