014

• Description: Find the flag in the domain http://momo.hackmyvm.eu

---

🔎 Solution

For this challenge, I used gobuster to scan the website's directories.

> gobuster dir -u http://momo.hackmyvm.eu -w /usr/share/wordlists/dirb/common.txt
===============================================================
Gobuster v3.8
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@firefart)
===============================================================
[+] Url:                     http://momo.hackmyvm.eu
[+] Method:                  GET
[+] Threads:                 10
[+] Wordlist:                /usr/share/wordlists/dirb/common.txt
[+] Negative Status codes:   404
[+] User Agent:              gobuster/3.8
[+] Timeout:                 10s
===============================================================
Starting gobuster in directory enumeration mode
===============================================================
/index.html           (Status: 200) [Size: 268]
/robots.txt           (Status: 200) [Size: 15]
Progress: 4613 / 4613 (100.00%)
===============================================================
Finished
===============================================================

The scan revealed /robots.txt. Accessing this path displays the flag:

> curl http://momo.hackmyvm.eu/robots.txt                                                                     
HMV{robotized}

🚩Flag

HMV{robotized}