Scavenger Hunt | Mar 3, 2023
Introduction
Welcome to my another writeup! In this picoGym challenge, you’ll learn: Inspecting HTML, viewing web crawler file (robots.txt), Apache’s .htaccess file, and MacOS .DS_Store file! Without further ado, let’s dive in.
- Overall difficulty for me (From 1-10 stars): ★☆☆☆☆☆☆☆☆☆
Background
Author: madStacks
Description
There is some interesting information hidden around this site http://mercury.picoctf.net:27393/. Can you find it?
Enumeration
Home page:
Pretty empty. Let’s view the source page:
[...]
<head>
<title>Scavenger Hunt</title>
<link href="https://fonts.googleapis.com/css?family=Open+Sans|Roboto" rel="stylesheet">
<link rel="stylesheet" type="text/css" href="mycss.css">
<script type="application/javascript" src="myjs.js"></script>
</head>
[...]
<!-- Here's the first part of the flag: picoCTF{t -->
[...]
We found the first 3 parts of the flag in the HTML comment! picoCTF{t.
- Flag:
picoCTF{t
Also, in the <head> element, there are 2 files are being imported: mycss.css, myjs.js.
mycss.css:
[...]
#tabintro { background-color: #ccc; }
#tababout { background-color: #ccc; }
/* CSS makes the page look nice, and yes, it also has part of the flag. Here's part 2: h4ts_4_l0 */
- Flag:
picoCTF{th4ts_4_l0
myjs.js:
[...]
window.onload = function() {
openTab('tabintro', this, '#222');
}
/* How can I keep Google from indexing my website? */
Hmm… “How can I keep Google from indexing my website?”
Based on my experience, it’s referring to robots.txt, a web crawler file for search engine’s robots.
In Google Support, it said:
A page is indexed by Google if it has been visited by the Google crawler (“Googlebot”), analyzed for content and meaning, and stored in the Google index. Indexed pages can be shown in Google Search results (if they follow Google’s webmaster guidelines). While most pages are crawled before indexing, Google may also index pages without access to their content (for example, if a page is blocked by a robots.txt directive).
That being said, let’s go to /robots.txt:
┌[siunam♥earth]-(~/ctf/picoGym/Web-Exploitation)-[2023.03.03|18:07:01(HKT)]
└> curl http://mercury.picoctf.net:27393/robots.txt
User-agent: *
Disallow: /index.html
# Part 3: t_0f_pl4c
# I think this is an apache server... can you Access the next flag?
- Flag:
picoCTF{th4ts_4_l0t_0f_pl4c
Again, based on my experience, it’s referring to Apache’s .htaccess file.
In Apache documentation, it said:
.htaccessfiles (or “distributed configuration files”) provide a way to make configuration changes on a per-directory basis. A file, containing one or more configuration directives, is placed in a particular document directory, and the directives apply to that directory, and all subdirectories thereof.TL;DR:
.htaccessis the Apache web server configuration file.
┌[siunam♥earth]-(~/ctf/picoGym/Web-Exploitation)-[2023.03.03|18:11:16(HKT)]
└> curl http://mercury.picoctf.net:27393/.htaccess
# Part 4: 3s_2_lO0k
# I love making websites on my Mac, I can Store a lot of information there.
- Flag:
picoCTF{th4ts_4_l0t_0f_pl4c3s_2_lO0k
Now, I have no idea in this hint, as I never touch MacOS before.
Let’s google that:
Found it! The hint is referring to .DS_Store, which is a file that stores custom attributes of its containing folder, such as folder view options, icon positions, and other visual information.
┌[siunam♥earth]-(~/ctf/picoGym/Web-Exploitation)-[2023.03.03|18:13:34(HKT)]
└> curl http://mercury.picoctf.net:27393/.DS_Store
Congrats! You completed the scavenger hunt. Part 5: _d375c750}
- Final flag:
picoCTF{th4ts_4_l0t_0f_pl4c3s_2_lO0k_d375c750}
What we’ve learned:
- Inspecting HTML
- Viewing Web Crawler File (
robots.txt), Apache’s.htaccessFile & MacOS.DS_StoreFile