Gobustme 👻
1 minute to read
We have this website:
At the bottom it points the use of gobuster and a dictionary of routes called dirb/common.txt:
As the challenge suggests, let’s use gobuster with dirb/common.txt:
$ gobuster dir -u https://gobustme.ctflearn.com -w $WORDLISTS/dirb/common.txt -q -r
/call (Status: 200) [Size: 42]
/carpet (Status: 200) [Size: 69]
/flag (Status: 200) [Size: 15]
/hide (Status: 200) [Size: 65]
/index.html (Status: 200) [Size: 2712]
/sex (Status: 200) [Size: 58]
/shadow (Status: 200) [Size: 68]
/skin (Status: 200) [Size: 120]
Nice, let’s go to /flag and get the flag:
$ curl https://gobustme.ctflearn.com/flag/
No, too easy :)
Hmmm, then it must be at /hide:
$ curl https://gobustme.ctflearn.com/hide/
It was well hidden isn't it? CTFlearn{gh0sbu5t3rs_4ever} 👻
Just for fun, these were the other routes:
$ curl https://gobustme.ctflearn.com/call/
Who you gonna call? Ghostbusters! 👻
$ curl https://gobustme.ctflearn.com/carpet/
My sheet is dirty, do you mind if I use your carpet instead? 👻
$ curl https://gobustme.ctflearn.com/sex/
Sex? I am 900 years old, I am too old for this... 👻
$ curl https://gobustme.ctflearn.com/shadow/
I am following everywhere you go, I am your shadow... boo! 👻
$ curl https://gobustme.ctflearn.com/skin/
<!DOCTYPE html>
<html>
<head>
</head>
<body>
We are ghosts, do you really think we have skin? 👻
</body>
</html>