The Challenge
The Solution
So the mention of Google not finding something is a pretty obvious hint towards robots.txt. So let’s check it out.
Well that looks pretty useless.
Unless it’s encoded or hashed.
Because of the fact there’s multiple letters that aren’t A-F and also numbers, I’m gonna take a guess that this is base64. I’m gonna copy all the disallows into a text file.
Now let’s use cut to get all the data out.
1 |
$ cut -d "/" -f 2 web3_raw.txt > web3_data.txt |
Now let’s decode that bad boy with base64.
1 2 3 4 5 6 7 8 9 10 11 12 13 |
$ base64 -D web3_data.txt 6L?1??D?VL?V81V(??SG?EGn?4?K???bD?6?oH?7U0Qc??C???vЭAS_Be?G?΅?rM N??360d?- /?F r?t?'??P?B?qw8?E?D??}?PBB҆U?`E0 e%???V|??Iд?Cvg?4'p ?ѻ??4IoX ???G?D ^?m??.? TV?CA??}%@?/v?Չ(?K?A?P?;c???d???خ?ТDtQ?6"[email protected])x?]tL`?$W?$K?=T??GOAY?v7?P?} t?D;X?X??+???Ф[email protected] d?M!!?!?Kc??3?P?:???Q??3r8?!t05פ@?W=#?؝??nV5~?A#Q?5?? WOMYOtUT#??-_t?;[email protected](??VY ??ۯ _?? T?,??M??5 ?7?MO`^???L?;uY`[email protected][email protected]??fR?r?Y$?MqT?c?6?4?4'q???G??9}?a3? ??D?V c?a^QH? |
So it’s uh… not base64.
Well, it is a folder list. Maybe one of these folders has the flag?
Let’s use dirb and use the wordlist we generated to see which folder(s) exist.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 |
$ dirb http://crikeyconctf.dook.biz:8080/web3/ web3_data.txt ----------------- DIRB v2.22 By The Dark Raver ----------------- START_TIME: Wed Mar 14 15:54:05 2018 URL_BASE: http://crikeyconctf.dook.biz:8080/web3/ WORDLIST_FILES: web3_data.txt ----------------- GENERATED WORDS: 101 ---- Scanning URL: http://crikeyconctf.dook.biz:8080/web3/ ---- ==> DIRECTORY: http://crikeyconctf.dook.biz:8080/web3/VUBNORJL23DF/ ---- Entering directory: http://crikeyconctf.dook.biz:8080/web3/VUBNORJL23DF/ ---- ----------------- END_TIME: Wed Mar 14 15:54:10 2018 DOWNLOADED: 202 - FOUND: 0 |
Alright. Got a hit. Let’s navigate there…
Got’em.