web
Titanic
Solved By : thewhiteh4t
- In this challenge we were given a website of a company
- Two things which instantly caught attention were
URL Capture
andAdmin
buttons - URL capture service accepts a URL and takes screenshot of the webpage
- Admin page got a login
- First idea was to try
http://localhost
and it worked
- This is same as the loading splash screen I saw while loading the challenge website
- Next I checked
robots.txt
and got 200 and this revealed a new path/server-status
- Next I obviously tried to access
/server-status
and got 200 again
- And in the logs you can see the login credentials!
SWAGGY
Solved by: Taz34
-
Change the server to the testing server
-
now authorize using the admin:admin credentials
-
now try and execute the request to get the flag
here we have the flag.
Confidentiality
Solved by: Taz34
- here we have a service which lists all the items in the mentioned dir
- so i simply started looking for flag, look for elements in the /home dir
- here we have a user dir and in that we have the flag.txt
now to red the file
/home/user & cat /home/user/flag.txt ![](https://i.imgur.com/G0AlZ6s.png)
here we have the flag