Prinu_17
3 min read · Dec 22, 2024

Assessment Methodologies: Information Gathering CTF 1 (EJPT INE)

Hii all!!

I’m excited to share the write-up of my recently purchased EJPT CTF, and I’m glad to walk you through the solution.

Let’s get started!

Time to dive into our first lab!

Q.1 This tells search engines what to and what not to avoid.

As we know, the robots.txt file tells search engines what to crawl and what to avoid. Let’s take a look at the robots.txt file, and here we find our first flag.

FLAG 1: f2ee2d09e076462eadce8807895a4461

Q.2 What website is running on the target, and what is its version?

To determine the version of the website, we can use Nmap to identify the server and its version. Run the following command in the terminal:

nmap target.ine.local -sC -sV

And here we find our second flag, which is:

FLAG 2: 3395843029c743ddb00c9adac8b2c7cc

Q.3 Directory browsing might reveal where files are stored.

For this, we need to brute-force the directories, and we can use the simple dirb command. Once we run the scan, we will need to manually search for the flag.

The flag is located in the wp-content/uploads directory.

FLAG 3: ccca869e58f54c02b0fa4f9b5a1ee84f

Q.4 An overlooked backup file in the webroot can be problematic if it reveals sensitive configuration details.

To find the backup files, we need to use the -X option in the command to specify the file extensions. The most common backup file extensions are: .bak, .tar.gz, .zip, .sql, and .bak.zip.

Run the following command in the terminal:

dirb http://target.ine.local -w /usr/share/dirb/wordlists/big.txt -X .bak,.tar.gz,.zip,.sql,.bak.zip

Once the scan turns up the backup file, we can use the curl command to read its contents:

curl http://target.ine.local/wp-config.bak

And here, we find our fourth flag, which is:

FLAG 4: de9e6050a6de44daa74e91e87b3112f3
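
The defender's side of the Q.4 finding, as an added example that is not part of the original write-up: a shell function that audits a webroot on the server for files with the backup extensions listed above and flags those that contain WordPress database constants. The function names, the constant pattern and the sample tree are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a webroot for leftover backup files.
# Extensions are the ones named in the write-up ('*.zip' also covers
# '.bak.zip'). The secret pattern assumes WordPress wp-config constants.

# audit_backups WEBROOT
# Prints one line per finding: "<SEVERITY> <path>"
#   HIGH = backup file containing credential-like constants
#   INFO = backup file by name only (archives are not unpacked here)
audit_backups() {
    webroot=$1
    [ -d "$webroot" ] || { echo "not a directory: $webroot" >&2; return 2; }
    find "$webroot" -type f \( -name '*.bak' -o -name '*.tar.gz' \
        -o -name '*.zip' -o -name '*.sql' \) |
    sort |
    while IFS= read -r f; do
        if grep -Eq 'DB_(PASSWORD|USER|NAME|HOST)|AUTH_KEY' "$f" 2>/dev/null; then
            echo "HIGH $f"
        else
            echo "INFO $f"
        fi
    done
}

# Constructed sample webroot for a dry run (not data from the lab).
make_sample_webroot() {
    d=$(mktemp -d)
    mkdir -p "$d/wp-content/uploads"
    printf "<?php define('DB_PASSWORD', 'example-not-real');\n" > "$d/wp-config.bak"
    printf "<?php echo 'hello';\n" > "$d/index.php"
    printf "CREATE TABLE t (id INT);\n" > "$d/wp-content/uploads/dump.sql"
    echo "$d"
}

# Stand-alone use: pass the webroot to audit as the first argument.
if [ "$#" -gt 0 ]; then
    audit_backups "$1"
fi
```

Any HIGH line is a file to remove from the webroot, and the credentials inside it should be rotated.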

Q.5 Certain files may reveal something interesting when mirrored.

As the question suggests, we need to mirror the website to find this flag. To mirror the website, we can use the httrack command:

httrack http://target.ine.local -O target.html

Once the mirroring is complete, navigate to the directory where the website was saved. The flag is located in the file xmlrpc0db0.php.

FLAG 5: e79d9c81cc384cdd91bbc563fd61b7ee

Thank you for reading!
See you all in the next CTF.

Happy Hacking!

Responses (7)

Very helpful blog

it was useful. Thanks

Thank you