Titanic Writeup

Solved By : thewhiteh4t

• In this challenge we were given a website of a company
• Two things which instantly caught attention were URL Capture and Admin buttons
• URL capture service accepts a URL and takes screenshot of the webpage

• Admin page got a login
• First idea was to try http://localhost and it worked

• This is same as the loading splash screen I saw while loading the challenge website
• Next I checked robots.txt and got 200 and this revealed a new path /server-status

• Next I obviously tried to access /server-status and got 200 again

• And in the logs you can see the login credentials!