Scavenger Hunt

Points: 50

Category

Web Exploitation

Question

There is some interesting information hidden around this site http://mercury.picoctf.net:27278/. Can you find it?

Hint

You should have enough hints to find the files, don't run a brute forcer.

Solution

After looking at the website, I opened the page source, which led me to the first part of the flag:

<body>
  <div class="container">
    <header>
      <h1>Just some boring HTML</h1>
    </header>

    <button
      class="tablink"
      onclick="openTab('tabintro', this, '#222')"
      id="defaultOpen"
    >
      How
    </button>
    <button class="tablink" onclick="openTab('tababout', this, '#222')">
      What
    </button>

    <div id="tabintro" class="tabcontent">
      <h3>How</h3>
      <p>How do you like my website?</p>
    </div>

    <div id="tababout" class="tabcontent">
      <h3>What</h3>
      <p>
        I used these to make this site: <br />
        HTML <br />
        CSS <br />
        JS (JavaScript)
      </p>
      <!-- Here's the first part of the flag: picoCTF{t -->
    </div>
  </div>
</body>

Next, I looked at the CSS and JS files. The CSS file gave me the second part of the flag:

/* CSS makes the page look nice, and yes, it also has part of the flag. Here's part 2: h4ts_4_l0 */

In the JS file I only got a hint. Googling the question led me to the robots.txt file, so I requested target/robots.txt and got part 3 of the flag:

/* How can I keep Google from indexing my website? */
User-agent: *
Disallow: /index.html
# Part 3: t_0f_pl4c
# I think this is an apache server... can you Access the next flag?

The hint capitalises the word Access and says it is an Apache server, so I tried to access the .htaccess file and got part 4 of the flag. If you do not know about .htaccess: it is a per-directory configuration file for the Apache web server. It lets you change the configuration of part of your site without editing the main server configuration, which is also why it should never be readable by visitors.

# Part 4: 3s_2_lO0k
# I love making websites on my Mac, I can Store a lot of information there.

Again a capitalised word, Store, so I tried to access the .DS_Store file and got the final part of the flag. (.DS_Store is a hidden metadata file that macOS Finder writes into every folder it displays; when it is uploaded along with a site it reveals the names of files in that directory.)

Congrats! You completed the scavenger hunt. Part 5: _a69684fd}
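As an added defender's note, not part of the original writeup: .htaccess and .DS_Store were readable here only because nothing in the server configuration denies them. The assumed Apache 2.4 configuration below shows the setting that leaves such dotfiles readable, followed by the corrected form; the document root path is an assumption.

```apacheconf
# Assumed vhost; the challenge's real configuration is not shown on the page.

# Weak: the document root is opened and nothing excludes dotfiles,
# so /.htaccess and /.DS_Store are served like any other file.
<Directory "/var/www/html">
    Options -Indexes
    AllowOverride All
    Require all granted
</Directory>

# Hardened version of the same block.
# AllowOverride None makes Apache ignore .htaccess files entirely,
# so a stray one cannot loosen these rules.
<Directory "/var/www/html">
    Options -Indexes
    AllowOverride None
    Require all granted
</Directory>

# Deny every file whose name starts with a dot, in any directory:
# covers .htaccess, .htpasswd, .DS_Store and similar leftovers.
<FilesMatch "^\.">
    Require all denied
</FilesMatch>

# Editor and backup leftovers that leak source or configuration.
<FilesMatch "(~|\.bak|\.old|\.swp)$">
    Require all denied
</FilesMatch>
```

robots.txt stays public by design, so it must never contain hints or paths that are meant to be hidden; keeping .DS_Store out of the deployment (for example by excluding it in the upload step) is the other half of the fix.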

Flag

picoCTF{th4ts_4_l0t_0f_pl4c3s_2_lO0k_a69684fd}
