<- WEB

Gobustme đź‘»

1 minute to read

We have this website:

Gobustme 1

At the bottom it points the use of gobuster and a dictionary of routes called dirb/common.txt:

Gobustme 2

As the challenge suggests, let’s use gobuster with dirb/common.txt:

$ gobuster dir -u https://gobustme.ctflearn.com -w $WORDLISTS/dirb/common.txt -q -r  
/call                 (Status: 200) [Size: 42]
/carpet               (Status: 200) [Size: 69]
/flag                 (Status: 200) [Size: 15]
/hide                 (Status: 200) [Size: 65]
/index.html           (Status: 200) [Size: 2712]
/sex                  (Status: 200) [Size: 58]
/shadow               (Status: 200) [Size: 68]
/skin                 (Status: 200) [Size: 120]

Nice, let’s go to /flag and get the flag:

$ curl https://gobustme.ctflearn.com/flag/  
No, too easy :)

Hmmm, then it must be at /hide:

$ curl https://gobustme.ctflearn.com/hide/
It was well hidden isn't it? CTFlearn{gh0sbu5t3rs_4ever} &#128123

Just for fun, these where the other routes:

$ curl https://gobustme.ctflearn.com/call/
Who you gonna call? Ghostbusters! &#128123

$ curl https://gobustme.ctflearn.com/carpet/
My sheet is dirty, do you mind if I use your carpet instead? &#128123  

$ curl https://gobustme.ctflearn.com/sex/
Sex? I am 900 years old, I am too old for this... &#128123

$ curl https://gobustme.ctflearn.com/shadow/
I am following everywhere you go, I am your shadow... boo! &#128123;

$ curl https://gobustme.ctflearn.com/skin/
<!DOCTYPE html>
<html>
<head>
</head>

<body>
We are ghosts, do you really think we have skin? &#128123;
</body>
</html>