Hidden Code - CTF 28

IHC Blog

CTF Name: Hidden Code

Topic: Web Exploitation

Flag Format: IHC_CTF{}

CTF Link: https://t.me/ctf_invisiblehc/46

Description:

Usually a site is built with PHP. But the PHP code is not visible in the source code. If you can view it with PHP, you can see the original code.


Solution:

When we visit the challenge link, it asks for login credentials, which we don't have. 

First, we check robots.txt by appending "/robots.txt" to the URL. There we discover a path: /admin.txt

Upon accessing "/admin.txt", we see PHP source code that prints the message "You need admin permission."

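To proceed, we change the path to "/admin.php", but it still shows only the output of the PHP code from /admin.txt. The server executes the .php file and returns its output, while the .txt copy is served as plain text.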

Our main objective is to obtain a login username and password, which are stored in "index.php". To get them, we need to read the source code of /index.php. Since the server executes that file instead of showing it, we might instead find the source code in "/index.txt".

Upon checking "index.txt," we successfully retrieve the source code along with the login credentials. Using this username and password, we can finally access the flag.

flag: IHC_CTF{50RC3_15_U53FU1}
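
From the site owner's side, the root cause is a plain-text copy of a PHP script left inside the web root. The following audit script is an added example, not part of the original challenge or write-up: it walks a document root on disk and reports files with a non-executed suffix that contain PHP source. The suffix list beyond .txt, the function names and the sample files are assumptions made for this illustration.

```python
import os
import tempfile
from pathlib import Path

# Suffixes a web server typically serves as text instead of executing.
# The write-up only shows .txt; the others are assumptions for this example.
LEAKY_SUFFIXES = (".txt", ".bak", ".old", ".orig", "~")
PHP_MARKERS = (b"<?php", b"<?=")


def find_exposed_php_copies(docroot):
    """Return sorted (relative_path, shadows_live_script) for leaked PHP source."""
    root = Path(docroot)
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        php_names = {f for f in files if f.endswith(".php")}
        for name in files:
            suffix = next((s for s in LEAKY_SUFFIXES if name.endswith(s)), None)
            if suffix is None:
                continue
            path = Path(dirpath) / name
            with open(path, "rb") as fh:
                head = fh.read(8192)  # PHP open tag is normally near the top
            if not any(marker in head for marker in PHP_MARKERS):
                continue  # e.g. robots.txt: text, but no PHP source inside
            base = name[: -len(suffix)]
            # index.txt beside index.php, or index.php.bak beside index.php
            shadows = base in php_names or base + ".php" in php_names
            findings.append((path.relative_to(root).as_posix(), shadows))
    return sorted(findings)


def build_sample_docroot(root):
    """Constructed layout mirroring the challenge; the credentials are made up."""
    root = Path(root)
    (root / "robots.txt").write_text("User-agent: *\nDisallow: /admin.txt\n")
    (root / "index.php").write_text("<?php $user = 'demo'; $pass = 'demo'; ?>")
    (root / "index.txt").write_text("<?php $user = 'demo'; $pass = 'demo'; ?>")
    (root / "admin.php").write_text('<?php echo "You need admin permission."; ?>')
    (root / "admin.txt").write_text('<?php echo "You need admin permission."; ?>')
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rel, shadows in find_exposed_php_copies(build_sample_docroot(tmp)):
            note = " (copy of a live script)" if shadows else ""
            print(f"{rel}: PHP source readable as plain text{note}")
```

Any file it reports should be deleted from the web root or moved outside it, and credentials that appeared in such a copy should be rotated.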
