Where are the robots — PicoCTF Walkthrough

Gresecure
3 min read · Nov 29, 2024

Challenge Overview

Initial Analysis: Deciphering the Challenge

The first step in tackling any CTF challenge is understanding its nature. Here’s how we can approach the initial analysis for this specific challenge:

Keywords and Hints: Because the challenge title mentions “robots,” there’s a strong possibility it involves web scraping or the site’s robots.txt file. These are the areas to explore first.
Web Application Analysis: Even when an initial inspection of the page source turns up nothing relevant, it is still a valuable step. We can revisit the source code later in the process, focusing on specific elements related to robots.

Understanding Robots.txt and Web Crawlers

Before diving deeper into “robots” aspects, let’s clarify some key concepts:

Robots.txt: This is a plain text file located at the root of a website (e.g., `yourwebsite.com/robots.txt`). It provides instructions for web crawlers (often used by search engines) on which parts of the website they can access.
Web Crawlers: These are automated programs used by search engines like Google and Bing to scan websites, gather information, and build their search indexes.

Procedure:

1. Accessing the Robots.txt File

To access the robots.txt file of the challenge webpage, append “/robots.txt” to the challenge website’s URL.

/robots.txt

2. Interpreting the Robots.txt Output

The file might contain a line like `disallow: /path/to/restricted/file.html`. This indicates a specific path on the website that the crawler should not access.

3. Following the Disallowed Path

The key lies in the path mentioned after “disallow:”. In my case, it was “/477ce.html” (this value may vary for different users). Remove the “/robots.txt” part from the website URL and replace it with the value you just found.

https://jupiter.challenges.picoctf.org/problem/36474/thevalueyougot.html

4. Reaching the Flag

This step assumes the robots.txt file is pointing you towards a hidden page that might contain the flag. By following the path derived from the robots.txt file, you will land on a webpage containing the challenge flag.

The flag we captured — picoCTF{ca1cu1at1ng_Mach1n3s_477ce}
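Steps 1 to 4 work because robots.txt is a public, advisory file: every Disallow line is readable by anyone and enforces nothing, so it is worth reviewing what your own file discloses. The script below is an added example, not code from the original post; it parses robots.txt text and lists the URLs its Disallow lines reveal, resolving each path the way step 3 describes (the challenge lives under `/problem/36474/`, so a plain root-relative join would point at the wrong URL). The sample file is constructed around the `/477ce.html` value quoted above, and the function names are illustrative.

```python
from urllib.parse import urlsplit, urlunsplit

# Constructed sample: the post quotes only the Disallow value, not the full file.
SAMPLE_ROBOTS = """\
User-agent: *
Disallow: /477ce.html   # value quoted in the post
Disallow:
Allow: /index.html
"""

def parse_disallow(text):
    """Return {user_agent: [disallowed paths]} from robots.txt text."""
    rules, agents, in_rules = {}, [], False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if ":" not in line:
            continue
        field, value = (p.strip() for p in line.split(":", 1))
        field = field.lower()
        if field == "user-agent":
            if in_rules:                         # rule lines ended the previous group
                agents, in_rules = [], False
            agents.append(value.lower())
            rules.setdefault(value.lower(), [])
        elif field in ("disallow", "allow"):
            in_rules = True
            if field == "disallow" and value:    # empty Disallow blocks nothing
                for agent in agents:
                    rules[agent].append(value)
    return rules

def resolve(robots_url, path):
    """Swap the trailing /robots.txt for `path`, as step 3 describes."""
    parts = urlsplit(robots_url)
    if not parts.path.endswith("/robots.txt"):
        raise ValueError("not a robots.txt URL")
    base = parts.path[: -len("/robots.txt")]
    return urlunsplit((parts.scheme, parts.netloc, base + "/" + path.lstrip("/"), "", ""))

def disclosed_urls(robots_url, text):
    """List every URL that the file's Disallow lines reveal, without duplicates."""
    paths = [p for group in parse_disallow(text).values() for p in group]
    return list(dict.fromkeys(resolve(robots_url, p) for p in paths))

if __name__ == "__main__":
    robots = "https://jupiter.challenges.picoctf.org/problem/36474/robots.txt"
    print("\n".join(disclosed_urls(robots, SAMPLE_ROBOTS)))
```

Any page listed this way needs real access control (authentication or removal from the web root), since the listing itself is what led to the flag.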
