Posts Categories Tags About Me

Contents

🌐 Scavenger Hunt

A detailed write-up of the Web challenge 'Scavenger Hunt' from PicoCTF - 2021

mH4ck3r0n3 Ethical Hacking/CTFs/Jeopardy/PicoGym/PicoCTF-2021/Web
   403 words   2 minutes 

/images/PicoGym/PicoCTF-2021/ScavengerHunt/challenge_presentation.png
Challenge Presentation

📊 Challenge Overview

Category Details Additional Info
🏆 Event PicoGym Event Link
🔰 Category Web 🌐
💎 Points Out of 500 total
⭐ Difficulty 🟢 Easy Personal Rating: 0/10
👤 Author madStacks Profile
🎮 Solves 64.915 solve rate
📅 Date 30-01-2025 PicoGym
🦾 Solved By mH4ck3r0n3 Team:

📝 Challenge Information

There is some interesting information hidden around this site http://mercury.picoctf.net:5080/. Can you find it?

🎯 Challenge Files & Infrastructure

Provided Files

1

Files: None

🔍 Initial Analysis

First Steps

Initially, the website appears as follows:

/images/PicoGym/PicoCTF-2021/ScavengerHunt/site_presentation.png
Site Presentation

Since there was nothing interesting, the first thing I tried to do was inspect the page source, and inside it, I found the first part of the flag. So, let’s move on to the exploitation.

🎯 Solution Path

Exploitation Steps

Initial setup

After finding the first part of the flag, I decided to continue inspecting the page more thoroughly.

Exploitation

By trying to check the files included in the page source of index, I found /mycss.css, and after opening it, I found the second part of the flag. Then, since there was nothing else, I tried running Gobuster:

/images/PicoGym/PicoCTF-2021/ScavengerHunt/gobuster.png
Gobuster

By performing a fuzzing of common files, I found /robots.txt. After trying to access it, I found the third part of the flag along with a hint, which indicated that it was an Apache server. So, I took the second result from Gobuster, /.htaccess, and inside it, I found the fourth part of the flag and another clue mentioning Store. Finally, by accessing the third result from Gobuster, /.DS_Store, I found the fifth and final part of the flag. I then combined all the parts to obtain the complete flag.

Flag capture

/images/PicoGym/PicoCTF-2021/ScavengerHunt/manual_flag.png
Manual Flag 1
/images/PicoGym/PicoCTF-2021/ScavengerHunt/manual_flag2.png
Manual Flag 2
/images/PicoGym/PicoCTF-2021/ScavengerHunt/manual_flag3.png
Manual Flag 3
/images/PicoGym/PicoCTF-2021/ScavengerHunt/manual_flag4.png
Manual Flag 4
/images/PicoGym/PicoCTF-2021/ScavengerHunt/manual_flag5.png
Manual Flag 5

🛠️ Exploitation Process

Approach

The exploit retrieves each part of the flag by making a request and extracting it using a regex, then finally combines all the parts to form the complete flag.

🚩 Flag Capture

Flag

Proof of Execution

/images/PicoGym/PicoCTF-2021/ScavengerHunt/automated_flag.png
Automated Flag
Screenshot of successful exploitation

🔧 Tools Used

Tool Purpose
Python Exploit
Gobuster File Discovery

💡 Key Learnings

Skills Improved

  • Binary Exploitation
  • Reverse Engineering
  • Web Exploitation
  • Cryptography
  • Forensics
  • OSINT
  • Miscellaneous

📊 Final Statistics

Metric Value Notes
Time to Solve 00:02 From start to flag
Global Ranking Challenge ranking
Points Earned Team contribution

Created: 30-01-2025 • Last Modified: 30-01-2025 *Author: mH4ck3r0n3 • Team: *

Updated on 12/02/2025
Read Markdown
 🌐 Web Security
Back | Home