PicoCTF-2022 Writeup
Roboto Sans


Last updated 3 years ago


Challenge

The flag is somewhere on this web application not necessarily on the website. Find it. Check out.

Solution

  1. Looking at robots.txt (http://saturn.picoctf.net:65352/robots.txt) shows the following:

User-agent *
Disallow: /cgi-bin/
Think you have seen your flag or want to keep looking.

ZmxhZzEudHh0;anMvbXlmaW
anMvbXlmaWxlLnR4dA==
svssshjweuiwl;oiho.bsvdaslejg
Disallow: /wp-admin/
  2. anMvbXlmaWxlLnR4dA== base64-decodes to js/myfile.txt.

  3. Navigating to http://saturn.picoctf.net:65352/js/myfile.txt displays the flag.
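
The decoding step above can be scripted. The following is an added example, not part of the original writeup: it scans the robots.txt body quoted above for base64-looking fields and keeps only those that decode cleanly to printable ASCII. The function name, the 8-character minimum and the split on ";" and whitespace are assumptions made for this example.

```python
import base64
import binascii
import re

# robots.txt body exactly as quoted in the writeup above
ROBOTS_TXT = """User-agent *
Disallow: /cgi-bin/
Think you have seen your flag or want to keep looking.

ZmxhZzEudHh0;anMvbXlmaW
anMvbXlmaWxlLnR4dA==
svssshjweuiwl;oiho.bsvdaslejg
Disallow: /wp-admin/
"""

# Standard base64 alphabet, at least 8 characters, optional padding.
# The length floor (an assumption) keeps short English words out.
TOKEN_RE = re.compile(r"[A-Za-z0-9+/]{8,}={0,2}")


def decode_candidates(text):
    """Return (token, decoded) pairs for fields that are valid base64
    and decode to printable ASCII."""
    results = []
    for line in text.splitlines():
        # Fields in this file are separated by whitespace or ';'
        for field in re.split(r"[;\s]+", line):
            if not TOKEN_RE.fullmatch(field):
                continue
            try:
                # validate=True rejects stray characters; a truncated
                # token such as anMvbXlmaW fails on its length/padding
                raw = base64.b64decode(field, validate=True)
                decoded = raw.decode("ascii")
            except (binascii.Error, UnicodeDecodeError):
                continue
            if decoded.isprintable():
                results.append((field, decoded))
    return results


if __name__ == "__main__":
    for token, decoded in decode_candidates(ROBOTS_TXT):
        print(f"{token} -> {decoded}")
```

The truncated and random-looking fields are rejected, so only the two fields that decode to path-like strings are reported.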

Flag

picoCTF{Who_D03sN7_L1k5_90B0T5_718c9043}
