More Secret - CTF 20

IHC Blog

CTF Name: More Secret

Topic: Web Exploitation

Flag Format: IHC_CTF{}

CTF Link: https://t.me/ctf_invisiblehc/35

Description:

Hidden file is needed for a site. If anyone finds the hidden file, they can harm the site.


Solution:

Visiting the challenge site, we're presented with a login page that requires us to log in. Just below, we find the following text:

"Username & Password is very very easy. So try username & password randomly."

We followed these instructions and successfully logged in using 'username' as the username and 'password' as the password.

After logging in, we are taken to a webpage displaying the text:

You are Logged in as User. To find the flag, log in as Admin.


To achieve this, we modify the URL value from:


         to



Visiting the new URL, we found the text:

You are Logged in as Admin. Now, locate the hidden file.


In our quest to find the hidden file, we navigate to the 'robots.txt' file, where we discover a pathway: '/admin.php'.

Upon traversing this path, we finally found the flag: "IHC_CTF{Y0U_5UCC355FU11Y_10993D_1N_skdfjm}"
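The robots.txt step works because that file is readable by anyone, so listing '/admin.php' in it advertises the path instead of hiding it. As an added example (not part of the original write-up), this Python check audits a site's own robots.txt for such entries; the keyword list and the sample file are constructed assumptions.

```python
import re

# Assumed keyword list for "sensitive-looking" paths; tune it for your own site.
SENSITIVE = re.compile(r"(admin|backup|config|secret|private|\.git|\.env|\.bak|\.sql)", re.I)

def parse_robots(text):
    """Return (user_agent, directive, path) tuples from robots.txt text."""
    rules, agents, in_rules = [], [], False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if ":" not in line:
            continue
        field, value = (part.strip() for part in line.split(":", 1))
        field = field.lower()
        if field == "user-agent":
            if in_rules:                      # a rule line was seen, so a new group starts
                agents, in_rules = [], False
            agents.append(value)
        elif field in ("allow", "disallow"):
            in_rules = True
            if value:                         # an empty Disallow means "allow everything"
                for agent in agents or ["*"]:
                    rules.append((agent, field, value))
    return rules

def audit_robots(text):
    """Return sorted unique paths in robots.txt that advertise sensitive locations."""
    return sorted({path for _, _, path in parse_robots(text) if SENSITIVE.search(path)})

# Constructed sample modelled on the challenge: robots.txt names /admin.php.
SAMPLE = """\
User-agent: *
Disallow: /admin.php   # hidden from crawlers, visible to every reader
Disallow: /images/
Allow: /

User-agent: Googlebot
Disallow:
"""

if __name__ == "__main__":
    for path in audit_robots(SAMPLE):
        print(f"robots.txt discloses {path}: enforce server-side access control")
```

Any path the audit reports should be protected by authentication and authorization on the server, not by its absence from links.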
