PicoCTF-2022 Writeup
Search
K

Roboto Sans

Challenge

The flag is somewhere on this web application not necessarily on the website. Find it. Check this out.

Solution

  1. 1.
    Looking at robots.txt (http://saturn.picoctf.net:65352/robots.txt) shows the following:
User-agent *
Disallow: /cgi-bin/
Think you have seen your flag or want to keep looking.
ZmxhZzEudHh0;anMvbXlmaW
anMvbXlmaWxlLnR4dA==
svssshjweuiwl;oiho.bsvdaslejg
Disallow: /wp-admin/
  1. 1.
    anMvbXlmaWxlLnR4dA== decodes to js/myfile.txt.
  2. 2.
    Navigating to http://saturn.picoctf.net:65352/js/myfile.txt displays the flag.

Flag

picoCTF{Who_D03sN7_L1k5_90B0T5_718c9043}
Web Exploitation - Previous
noted
Next - Web Exploitation
SQLiLite
Last modified 1yr ago