picoCTF 2022 | Roboto Sans Write-up

Challenge description

The flag is somewhere on this web application not necessarily on the website. Find it. Check this out.

Category: Web Exploitation

Solution

While the challenge’s title is indeed the name of a popular font, this is a clever pun, hinting towards the main target of the challenge: the robots.txt file.

robots.txt is a file used to manage web crawlers’ access to a website. You can learn more about it here.

Back to the challenge, you can easily access the file in question by adding /robots.txt to the site’s URL. In this case, it’d be http://saturn.picoctf.net:51108/robots.txt.

Some of the random-looking text is just gibberish, but anMvbXlmaWxlLnR4dA== looks like Base64-encoded text.

Decoding this text gives us “js/myfile.txt”.
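The decode step above, generalized into a small scanner that pulls Base64-looking tokens out of robots.txt content and keeps only those that decode to printable text. This is an added example, not part of the original write-up: the sample file is constructed (only the anMvbXlmaWxlLnR4dA== token comes from the challenge), and the function names are hypothetical.

```python
import base64
import binascii
import re

# Constructed sample: only the Base64 token comes from the write-up.
# The other lines are made-up stand-ins for the "gibberish" it mentions.
SAMPLE_ROBOTS = """\
User-agent: *
Disallow: /cgi-bin/
qkzvw;anMvbXlmaWxlLnR4dA==
svssshjweuiwl;oiho.bsvdaslejg
Disallow: /wp-admin/
"""

# Runs of at least 8 Base64 alphabet characters, with optional padding.
TOKEN_RE = re.compile(r"[A-Za-z0-9+/]{8,}={0,2}")


def decode_candidate(token):
    """Return the decoded text if token is Base64 for printable ASCII, else None."""
    if len(token) % 4 != 0:
        return None  # valid padded Base64 is always a multiple of 4 long
    try:
        raw = base64.b64decode(token, validate=True)
        text = raw.decode("ascii")
    except (binascii.Error, ValueError):
        # binascii.Error: malformed Base64; UnicodeDecodeError is a ValueError
        return None
    # Ordinary words such as "Disallow" are syntactically valid Base64 but
    # decode to control or non-ASCII bytes, so they are filtered out here.
    if not text or not text.isprintable():
        return None
    return text


def find_encoded_strings(robots_txt):
    """Scan robots.txt content and return (token, decoded) pairs."""
    hits = []
    for token in TOKEN_RE.findall(robots_txt):
        decoded = decode_candidate(token)
        if decoded is not None:
            hits.append((token, decoded))
    return hits


if __name__ == "__main__":
    for token, decoded in find_encoded_strings(SAMPLE_ROBOTS):
        print(f"{token} -> {decoded}")
```

The same check is useful when reviewing your own site's robots.txt before deployment, since encoding a path does not hide it from anyone who reads the file.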

Let’s view this file on the website by going to http://saturn.picoctf.net:51108/js/myfile.txt

I used curl here because I had my terminal handy, but you can view it in your browser as well.
