CTFtime.org / picoCTF 2022 / roboto sans / Writeup

# Roboto Sans - picoCTF 2022 - CMU Cybersecurity Competition
Web Exploitation, 200 Points

## Description

![‏‏info.JPG](images/info.JPG)

## Roboto Sans Solution

By browsing the [website](http://saturn.picoctf.net:53295/) from the challenge description we can see the following web page:

![webpage.JPG](images/webpage.JPG)

According to the challenge name we get the hint about ```robots.txt``` file, Let's observe [robots.txt](http://saturn.picoctf.net:65442/robots.txt) file:
```http
User-agent *
Disallow: /cgi-bin/
Think you have seen your flag or want to keep looking.

ZmxhZzEudHh0;anMvbXlmaW
anMvbXlmaWxlLnR4dA==
svssshjweuiwl;oiho.bsvdaslejg
Disallow: /wp-admin/
```

We can see the base64 string ```anMvbXlmaWxlLnR4dA==``` which is ```js/myfile.txt```, By observing [http://saturn.picoctf.net:65442/js/myfile.txt](http://saturn.picoctf.net:65442/js/myfile.txt) file we get the flag ```picoCTF{Who_D03sN7_L1k5_90B0T5_a4f5cc70}```

Original writeup (https://github.com/evyatar9/Writeups/tree/master/CTFs/2022-picoCTF2022/Web_Exploitation/200-Roboto_Sans).

roboto sans

Comments

Sign in with