mrn00b0t

Interfacing between technophile and technophobe

Tenable CTF Web Challenges

Stay Away Creepy Crawlers 25
flag{mr_roboto} was located in robots.txt

Source Of All Evil 25
flag{best_implants_ever} could be seen in the source HTML

Certificate of Authenticity 25
By connecting to the site as HTTPS, then viewing the certificate, we find flag{selfsignedcert}

Can’t Find It 25
By connecting to /index a custom 404 page returns with flag{404_oh_no}

Ripper Doc 50

Ripper Doc is in a protected part of the site. We intercept with Burp and change cookie: authenticated=False to True to obtain:
flag{messing_with_cookies}

Show me what you got 25
The folder images on the web server is directory indexed. Within is a txt file aljdi3sd.txt containing
flag{disable_directory_indexes}

Headers For You Inspiration 25
Open hamburger menu on Firefox browser
Select Web Developer -> Inspector
Go to Network Tab
Reload Page
Select a Response
Check Header Tabs
flag{headersftw}

<span>%d</span> bloggers like this: