PicoCTF/Gym - Scavenger Hunt (Web)

Trent Darrow
Jun 18, 2021

Good evening all,

I needed a small break from studying for SANS SEC560/GPEN, so I decided to do some simple CTFs, starting with the Web series from the 2021 PicoCTF.

First we are given:
“AUTHOR: MADSTACKS

Description
There is some interesting information hidden around this site http://mercury.picoctf.net:5080/. Can you find it?”

First things first: check the source.

view-source:http://mercury.picoctf.net:5080/index.html

And we have the first part of the flag. If we look closely, we can see the page also links to CSS and JS files. Let's take a look at them.

view-source:http://mercury.picoctf.net:5080/mycss.css

And here we have part 2 of the flag. Here they make us work just a little bit for part 3 (one Google search away).

view-source:http://mercury.picoctf.net:5080/myjs.js

Following the yellow brick road leads us to believe there is a robots.txt with a ‘Disallow’ value to stop search engines from indexing.

http://mercury.picoctf.net:5080/robots.txt

And here we get part 3 and another hint. With ‘Access’ capitalized, we can guess they may be talking about the .htaccess file.

http://mercury.picoctf.net:5080/.htaccess

This one took me a little longer. I don’t use a Mac and did quite a few searches before finally getting it. The search that finally worked: https://duckduckgo.com/?q=%22macintosh%22+website+storage&norw=1&t=brave&ia=web

It leads us to the .DS_Store file:

“.DS_Store, which stands for Desktop Services Store is a hidden file created in every local folder in Mac OS X. This file stores custom attributes such as position of folder icons and the choice of background colors. By default it will be created in every local folder accessed by Mac OS X.”

Anyway, this does lead us to the final part of the flag:

http://mercury.picoctf.net:5080/.DS_Store
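Seen from the site owner's side, every stop on this hunt is something a pre-deployment check can catch. The added example below (not part of the original write-up or the challenge) audits a local document root for the same places: comments in HTML/CSS/JS, robots.txt entries, and published .htaccess/.DS_Store files. The function names, finding labels and sample file contents are assumptions constructed for illustration.

```python
import os
import re
import tempfile

SENSITIVE = {".DS_Store", ".htaccess"}  # named in the write-up; never publish
COMMENTS = {  # comment syntax per kind; (?<!:) stops "http://" matching as "//"
    ".html": r"<!--(.*?)-->",
    ".css": r"/\*(.*?)\*/",
    ".js": r"/\*(.*?)\*/|(?<!:)//([^\n]*)",
    "robots.txt": r"#([^\n]*)",
}

def audit_webroot(root):
    """Return sorted (relative_path, finding) tuples for a local web root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            kind = name if name == "robots.txt" else os.path.splitext(name)[1].lower()
            if name in SENSITIVE:
                findings.append((rel, "metadata/config file is published"))
            if kind not in COMMENTS:
                continue
            with open(os.path.join(root, rel), encoding="utf-8", errors="replace") as fh:
                text = fh.read()
            for m in re.finditer(COMMENTS[kind], text, re.S):
                body = next(g for g in m.groups() if g is not None)
                findings.append((rel, "comment: " + body.strip()))
            if kind == "robots.txt":  # Disallow lines advertise the paths they hide
                for target in re.findall(r"(?im)^\s*disallow:[ \t]*(\S+)", text):
                    findings.append((rel, "Disallow reveals: " + target))
    return sorted(findings)

def build_sample(root):
    samples = {  # constructed placeholder content, not the challenge's files
        "index.html": "<html><!-- note A --><body>hi</body></html>",
        "mycss.css": "body { color: red; }\n/* note B */\n",
        "myjs.js": "// note C\nvar u = 'http://example.test/';\n",
        "robots.txt": "User-agent: *\nDisallow: /hidden.html\n# note D\n",
        ".htaccess": "# constructed placeholder\n",
        ".DS_Store": "constructed placeholder\n",
    }
    for name, body in samples.items():
        with open(os.path.join(root, name), "w", encoding="utf-8") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        build_sample(d)
        print(*audit_webroot(d), sep="\n")
```

Anything the audit reports is readable by any visitor, so the fix is to strip it from the published tree or have the web server deny requests for dotfiles.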

As always, hope you enjoyed this.

-eldud3rino
