HTTP - Directory indexing

Description: CTRL+U...
Difficulty: Easy

🔎 Solution

After accessing the provided website, there is nothing immediately interesting. However, by viewing the page source, we can spot a comment that references admin/pass.html.

Visiting that path results in a rickroll message, so the flag is clearly not located there.

Since that endpoint is a dead end, we can try moving one directory up to /admin/. Listing this directory reveals that, besides pass.html, there is also a /backup directory.

Navigating into this directory, we find a file named admin.txt. Opening this file reveals the password we are looking for.

🚩Flag

LINUX

🔎 Solution​

🚩Flag​

🔎 Solution

🚩Flag