🌐 Big Brother Is Watching

A detailed write-up of the Web challenge 'Big Brother Is Watching' from RingZer0 CTF

[Image: Challenge Presentation]

📊 Challenge Overview

Category | Details | Additional Info
🏆 Event | RingZer0 CTF | Event Link
🔰 Category | Web 🌐 |
💎 Points | 1 | Out of 1 total
⭐ Difficulty | 🟢 Easy | Personal Rating: 0/10
👤 Author | Mr.Un1k0d3r | Profile
🎮 Solves (At the time of flag submission) | 4.829 | solve rate
📅 Date | 06-03-2025 | RingZer0 CTF
🦾 Solved By | mH4ck3r0n3 | Team:

🎯 Challenge Files & Infrastructure

Provided Files

Files: None

🔍 Initial Analysis

First Steps

Initially, the website appears as follows:

[Image: Site Presentation]

We are given a hint: “Even Google cannot find this one.” Google’s spider, crawler, or whatever you want to call it, uses a file called sitemap.xml. After a quick search, I discovered that “Google won’t crawl or index the content blocked by a robots.txt file.”

[Image: Google Crawler]

So we can already move on to the exploitation phase.

🎯 Solution Path

Exploitation Steps

Exploitation

The exploitation phase is very simple. By visiting https://ringzer0ctf.com/robots.txt, I found the following Disallow:

[Image: Robots]

And by visiting the route https://ringzer0ctf.com/16bfff59f7e8343a2643bdc2ee76b2dc/, I found the flag.

Flag capture

[Image: Manual Flag]

🛠️ Exploitation Process

Approach

The automatic exploit follows the same procedure as the manual one. It makes a GET request to /robots.txt, extracts the route using a regex, and then makes another GET request to the extracted route to retrieve the flag.
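The parsing step described above, turned around into an audit a site owner can run against their own robots.txt. This is an added example, not the author's exploit script: the sample file is constructed (only the hashed path comes from this write-up), and the function names and the 16-hex-character heuristic are assumptions.

```python
import re

# Constructed sample robots.txt; only the 32-hex-character path is from the write-up.
SAMPLE_ROBOTS = """\
User-agent: *
Disallow: /16bfff59f7e8343a2643bdc2ee76b2dc/
Disallow: /search   # trailing comment
Allow: /public/

User-agent: ExampleBot
Disallow:
"""

# Heuristic (assumption): a path segment of 16+ hex characters is meant to be unguessable.
TOKEN_SEGMENT = re.compile(r"^[0-9a-fA-F]{16,}$")


def parse_disallow(robots_text):
    """Return (user_agent, path) pairs for every non-empty Disallow rule."""
    rules, agents, in_rules = [], [], False
    for raw in robots_text.splitlines():
        line = raw.split("#", 1)[0].strip()       # drop comments
        if ":" not in line:
            continue
        field, value = (part.strip() for part in line.split(":", 1))
        field = field.lower()
        if field == "user-agent":
            if in_rules:                           # a rule was seen, so a new group starts
                agents, in_rules = [], False
            agents.append(value)
        elif field in ("allow", "disallow"):
            in_rules = True
            if field == "disallow" and value:      # an empty Disallow means "allow all"
                rules.extend((agent, value) for agent in agents)
    return rules


def leaked_secret_paths(robots_text):
    """Disallow paths with a token-like segment, i.e. a secret published to everyone."""
    hits = []
    for _agent, path in parse_disallow(robots_text):
        if any(TOKEN_SEGMENT.match(s) for s in path.split("/")) and path not in hits:
            hits.append(path)
    return hits


if __name__ == "__main__":
    for path in leaked_secret_paths(SAMPLE_ROBOTS):
        print("robots.txt discloses a secret-looking path:", path)
```

Anything listed in robots.txt is readable by every client, so a hit here means the path needs real access control rather than a Disallow rule.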

🚩 Flag Capture

Flag

Proof of Execution

[Image: Automated Flag. Screenshot of successful exploitation]

🔧 Tools Used

Tool | Purpose
Python | Exploit

💡 Key Learnings

New Knowledge

I found out that apparently, Google’s crawler doesn’t see the robots.txt file. (You always learn something new!)

Skills Improved

  • Binary Exploitation
  • Reverse Engineering
  • Web Exploitation
  • Cryptography
  • Forensics
  • OSINT
  • Miscellaneous

📊 Final Statistics

Metric | Value | Notes
Time to Solve | 00:02 | From start to flag
Global Ranking (At the time of flag submission) | 19229 / 51297 | Challenge ranking
Points Earned | 1 | Team contribution

Created: 06-03-2025 • Last Modified: 06-03-2025 • Author: mH4ck3r0n3 • Team: