Tags: web 


Let's look at description.
> Even google won't be able to find the flag. Still you can try if you want: http://defcon.org.in:6061/

First thing that strikes from "google won't be able to find the flag" => there's got to be robots.txt file :D

Hitting http://defcon.org.in:6061/robots.txt returns
User-agent: *
Disallow: /500786fbfb9cadc4834cd3783894239d
Now, I got stuck at this for a while as I was trying to access http://defcon.org.in:6061/500786fbfb9cadc4834cd3783894239d but DUH, that's a directory, not a file. That's why it kept giving me 404. Hmmm, must be a file in that directory then, that I need to access.

A couple more minutes, and it struck me. What's the name of challenge LOL? (flag.txt) :P

So, I quickly hit the page http://defcon.org.in:6061/500786fbfb9cadc4834cd3783894239d/flag.txt in my browser and Voila! `The flag is d4rk{r0b075_7x7_4r3_v3ry_c0mm0n}c0de`

Original writeup (https://github.com/mananpal1997/Hackcon_WriteUps_2017).
ArckmanAug. 28, 2017, 3:29 p.m.

Hi,why i response 404,when i access http://defcon.org.in:6061/500786fbfb9cadc4834cd3783894239d/?