<- WEB

Gobustme đź‘»

1 minuto de lectura

Tenemos esta página web:

Gobustme 1

En la parte de abajo se indica el uso de gobuster con un diccionario de rutas llamado dirb/common.txt:

Gobustme 2

Como el reto sugiere, vamos a usar gobuster con dirb/common.txt:

$ gobuster dir -u https://gobustme.ctflearn.com -w $WORDLISTS/dirb/common.txt -q -r  
/call                 (Status: 200) [Size: 42]
/carpet               (Status: 200) [Size: 69]
/flag                 (Status: 200) [Size: 15]
/hide                 (Status: 200) [Size: 65]
/index.html           (Status: 200) [Size: 2712]
/sex                  (Status: 200) [Size: 58]
/shadow               (Status: 200) [Size: 68]
/skin                 (Status: 200) [Size: 120]

Perfecto, vamos a /flag para conseguir la flag:

$ curl https://gobustme.ctflearn.com/flag/  
No, too easy :)

Hmmm, entonces tendrá que estar en /hide:

$ curl https://gobustme.ctflearn.com/hide/
It was well hidden isn't it? CTFlearn{gh0sbu5t3rs_4ever} &#128123

Solo por curiosidad, estas eran las otras rutas:

$ curl https://gobustme.ctflearn.com/call/
Who you gonna call? Ghostbusters! &#128123

$ curl https://gobustme.ctflearn.com/carpet/
My sheet is dirty, do you mind if I use your carpet instead? &#128123  

$ curl https://gobustme.ctflearn.com/sex/
Sex? I am 900 years old, I am too old for this... &#128123

$ curl https://gobustme.ctflearn.com/shadow/
I am following everywhere you go, I am your shadow... boo! &#128123;

$ curl https://gobustme.ctflearn.com/skin/
<!DOCTYPE html>
<html>
<head>
</head>

<body>
We are ghosts, do you really think we have skin? &#128123;
</body>
</html>