Barry’s Web Application

Challenge:

I’ve made this cool new web application that I plan to use to host a blog. Please check it out at http://host1.metaproblems.com:5620/ Right now it’s still currently being built, but I hope you enjoy what’s there so far!

http://host1.metaproblems.com:5620/dev/webapp/

Solution:

Browsing to the provided URL displays a very generic web page:

I viewed the HTML source looking for possible clues in HTML comments, linked Javascript, CSS or other resources, but the page contained none. Given that the URL path was /dev/webapp/ I tried traversing back a directory and found that directory listings were enabled on the web server:

Under the “docs” directory there was a file named flag.txt and it contained the challenge flag:

MetaCTF{Dont_l3t_y0ur_d1rect0ries_b3_l1st3d}

Published:

Updated:

Leave a comment