Tags: web writeup 

Rating: 1.0

#### [https://waletsec.github.io/posts/2021-04-26-You-should-die-HeroCTF.fr.html](https://waletsec.github.io/posts/2021-04-26-You-should-die-HeroCTF.fr.html)
### You will need

- Web browser
- Curl command

### Solution

We go to the address given to us: [http://chall1.heroctf.fr:9000/](http://chall1.heroctf.fr:9000/).
If we open DevTools there, we find an interesting comment inside the `body` element.
```html
<body id="page-top">

```
The comment tells us that `admin.php.bak` has not been removed, so we go there and look at what the `admin.php` code looks like: [http://chall1.heroctf.fr:9000/admin.php.bak](http://chall1.heroctf.fr:9000/admin.php.bak)
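A backup copy such as `admin.php.bak` is typically served as plain text rather than executed, which is why it exposes the script's source. The following defender-side check is an added example, not part of the original writeup: it flags leftover script backups in a web root and HTML comments that name them. The suffix list, function names and sample comment text are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Suffixes editors and manual copies commonly leave behind (assumed list, extend as needed).
BACKUP_SUFFIXES = (".bak", ".old", ".orig", ".save", ".swp", "~")
# Extensions the server would normally execute instead of serving as text.
SCRIPT_EXTS = (".php", ".phtml", ".inc")
COMMENT_RE = re.compile(r"<!--(.*?)-->", re.DOTALL)
TOKEN_RE = re.compile(r"[\w./~-]+")

def is_script_backup(name: str) -> bool:
    """True for names like admin.php.bak or index.php~ (script name plus backup suffix)."""
    lower = name.lower()
    return any(
        lower.endswith(s) and lower[: -len(s)].endswith(SCRIPT_EXTS)
        for s in BACKUP_SUFFIXES
    )

def find_script_backups(webroot: Path) -> list[str]:
    """Walk the web root and list script backups, relative to the root."""
    return sorted(
        p.relative_to(webroot).as_posix()
        for p in webroot.rglob("*")
        if p.is_file() and is_script_backup(p.name)
    )

def comments_naming_backups(html: str) -> list[str]:
    """Return file names inside HTML comments that look like script backups."""
    hits = []
    for comment in COMMENT_RE.findall(html):
        for token in TOKEN_RE.findall(comment):
            token = token.rstrip(".")  # drop sentence punctuation
            if is_script_backup(token):
                hits.append(token)
    return hits

def demo() -> tuple[list[str], list[str]]:
    """Run both checks on a constructed web root and a constructed page."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "inc").mkdir()
        for name in ("index.php", "admin.php", "admin.php.bak", "inc/db.php~", "notes.txt.bak"):
            (root / name).write_text("constructed sample\n")
        page = '<body id="page-top">\n<!-- TODO: remove admin.php.bak before launch. -->\n</body>'
        return find_script_backups(root), comments_naming_backups(page)

if __name__ == "__main__":
    print(demo())
```

Running it in a deployment pipeline against the built web root and the rendered pages catches both the leftover file and the comment that advertises it.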
```php
```

Original writeup (https://waletsec.github.io/posts/2021-04-26-You-should-die-HeroCTF.fr.html).