PicoCTF-2022 Writeup
  • README
  • Binary Exploitation
    • buffer overflow 1
    • buffer overflow 2
    • buffer overflow 3
    • flag leak
    • function overwrite
    • ropfu
    • stack cache
    • x-sixty-what
  • Cryptography
    • basic-mod1
    • basic-mod2
    • diffie-hellman
    • morse-code
    • NSA Backdoor
    • Sequences
    • substitution
    • Sum-O-Primes
    • Very Smooth
  • Forensics
    • Operation Oni
    • Operation Orchid
    • SideChannel
    • St3g0
    • Torrent Analyze
  • Reverse Engineering
    • Bbbbloat
    • Keygenme
    • unpackme
    • Wizardlike
  • Web Exploitation
    • Forbidden Paths
    • noted
    • Roboto Sans
    • SQLiLite
Powered by GitBook
On this page
  • Challenge
  • Solution
  • Flag

Was this helpful?

Edit on GitHub
  1. Web Exploitation

Roboto Sans

Challenge

The flag is somewhere on this web application not necessarily on the website. Find it. Check this out.

Solution

  1. Looking at robots.txt (http://saturn.picoctf.net:65352/robots.txt) shows the following:

User-agent *
Disallow: /cgi-bin/
Think you have seen your flag or want to keep looking.

ZmxhZzEudHh0;anMvbXlmaW
anMvbXlmaWxlLnR4dA==
svssshjweuiwl;oiho.bsvdaslejg
Disallow: /wp-admin/

  1. anMvbXlmaWxlLnR4dA== decodes to js/myfile.txt.

  2. Navigating to http://saturn.picoctf.net:65352/js/myfile.txt displays the flag.

Flag

picoCTF{Who_D03sN7_L1k5_90B0T5_718c9043}

PreviousnotedNextSQLiLite

Last updated 3 years ago

Was this helpful?