write up ctf by ariafatah

ariaf.my.id/ctf_aria/web_exploit/E_Scavenger Hunt.html


challenge

There is some interesting information hidden around this site http://mercury.picoctf.net:55079/. Can you find it?

hint

  • You should have enough hints to find the files, don’t run a brute forcer.

solve

  • I found the flag in
    • view-source:http://mercury.picoctf.net:55079/ <!-- Here's the first part of the flag: picoCTF{t -->
    • http://mercury.picoctf.net:55079/mycss.css /* CSS makes the page look nice, and yes, it also has part of the flag. Here's part 2: h4ts_4_l0 */
    • and the third I did not find in the JS, but when I checked robots.txt
      • http://mercury.picoctf.net:55079/robots.txt
        User-agent: *
        Disallow: /index.html
        # Part 3: t_0f_pl4c
        # I think this is an apache server... can you Access the next flag?
        
      • and because the third flag part contains the word apache, it might be in htaccess, so I tried checking
        • http://mercury.picoctf.net:55079/.htaccess
          # Part 4: 3s_2_lO0k
          # I love making websites on my Mac, I can Store a lot of information there.
          
      • then I looked for the last flag part but did not find it
        • I searched on Google and it turns out there is a .DS_Store file on Mac
        • https://iboysoft.com/wiki/ds-store.html
        • http://mercury.picoctf.net:55079/.DS_Store Congrats! You completed the scavenger hunt. Part 5: _74cceb07}
  • then I combined the parts into the flag format picoCTF{th4ts_4_l0t_0f_pl4c3s_2_lO0k_74cceb07}

flag

picoCTF{th4ts_4_l0t_0f_pl4c3s_2_lO0k_74cceb07}
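
The five locations in the solve above (HTML comment, CSS comment, robots.txt comment, .htaccess, .DS_Store) are the same places a site owner should check before publishing a web root. The following is an added example, not part of the original write-up: a pre-deploy audit that flags leftover comments and metadata files. The function name, the file `myjs.js` and all sample contents are constructed placeholders.

```python
import re
from pathlib import PurePosixPath

# Files that should never be served from a web root (the two the write-up fetched).
METADATA_FILES = {".DS_Store", ".htaccess"}

# Comment syntax per file type, matching the comment leaks seen in the write-up.
COMMENT_PATTERNS = {
    ".html": re.compile(r"<!--(.*?)-->", re.S),
    ".css": re.compile(r"/\*(.*?)\*/", re.S),
    ".js": re.compile(r"/\*(.*?)\*/|//([^\n]*)", re.S),
    "robots.txt": re.compile(r"^\s*#(.*)$", re.M),
}

def audit_webroot(files):
    """files: {relative path: text content}. Returns sorted (path, kind, detail) findings."""
    findings = []
    for path, text in files.items():
        name = PurePosixPath(path).name
        if name in METADATA_FILES:
            findings.append((path, "metadata-file", "must not be deployed or served"))
            continue
        # Match on the full file name first (robots.txt), then on the extension.
        pattern = COMMENT_PATTERNS.get(name) or COMMENT_PATTERNS.get(PurePosixPath(path).suffix)
        if pattern is None:
            continue
        for match in pattern.finditer(text):
            comment = next(g for g in match.groups() if g is not None).strip()
            if comment:
                findings.append((path, "comment", comment))
    return sorted(findings)

# Constructed sample web root laid out like the challenge site; contents are placeholders.
SAMPLE = {
    "index.html": "<html><!-- note to self: placeholder-1 --><body>hi</body></html>",
    "mycss.css": "/* placeholder-2 */\nbody { color: black; }",
    "myjs.js": "function f() { return 1; }",
    "robots.txt": "User-agent: *\nDisallow: /index.html\n# placeholder-3\n",
    ".htaccess": "# placeholder-4\n",
    ".DS_Store": "placeholder-5",
}

if __name__ == "__main__":
    for path, kind, detail in audit_webroot(SAMPLE):
        print(f"{path}: {kind}: {detail}")
```

The `//` pattern for JavaScript also matches `//` inside string literals such as URLs, so treat comment findings as items to review rather than confirmed leaks.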