AppVenture by NUS High

[AVCTF2021] AppVenture Login Part 0

Posted 21 December 2021 by Zhao YunZhao Yun

AppVenture Login page must be the most secure right? URL:


What's the first thing you do when pentesting a website?

One of the common files that websites contain is the robots.txt, which decides what scrapers like google-bot can see and should see.

In this case the robots contains a path to the source code of the website, and the flag is inside the source code.

User-agent: *
Disallow: /c7179ef35b2d458d6f2f68044816e145/

flag0 = "flag{you_can_use_automated_tools_like_nikto_to_do_this}"

Flag obtained