Stay Away Creepy Crawlers 25
flag{mr_roboto} was located in robots.txt
Source Of All Evil 25
flag{best_implants_ever} could be seen in the source HTML
Certificate of Authenticity 25
By connecting to the site as HTTPS, then viewing the certificate, we find flag{selfsignedcert}
Can’t Find It 25
By connecting to /index a custom 404 page returns with flag{404_oh_no}
Ripper Doc 50
Ripper Doc is in a protected part of the site. We intercept with Burp and change cookie: authenticated=False to True to obtain:
flag{messing_with_cookies}
Show me what you got 25
The folder images on the web server is directory indexed. Within is a txt file aljdi3sd.txt containing
flag{disable_directory_indexes}
Headers For You Inspiration 25
Open hamburger menu on Firefox browser
Select Web Developer -> Inspector
Go to Network Tab
Reload Page
Select a Response
Check Header Tabs
flag{headersftw}
mrn00b0t 