Tags: web_exploitation
Rating:
Solution:
1. robots.txt Directory:
The homepage hints towards checking the /robots.txt directory. Upon accessing it, we find an encrypted text and a decryption key.
2. Decoding the Cipher:
Using a Base64 decoder, the cipher text from the /robots.txt leads us to the URL /secret-location.
3. Analyzing /secret-location:
On this page, there is a statement with important keywords hinting at the encryption type: AES128 CBC.
This hint is also present in the HTML source code.
4. Decrypting the Cipher Text:
In the browser's local storage, there is a flag field containing cipher text. To decrypt it, we already know the encryption type (AES128 CBC) and the decryption key from /robots.txt.
Use an online tool like AES-128-CBC Decryption to decrypt the text.
5. Get the Flag:
After decrypting the cipher, the flag is revealed.
`Flag: VishwaRecruits{g0_Su8m1t_1t_Qu14kl7}`
