Write-up – Web 50 – Robots.txt is not the only one

Points: 50
Author: Le_suisse
Description: Get information


First web challenge, when launching website this page appears :

Firstly, we tried to display robot.txt file located in the root path, but it was a trap :

NOPE

Back to main page, it seems that both numbers looks like RFC number..Bingo !

RFC5785 defines Well-Known URL(“/.well-known/”)
RFC7033
 refers to WebFinger protocol

Let’s combine both, and navigate to http://localhost:2050/.well-known/webfinger/

Browser will download a small file, open it :

Some endpoints can be discovered through Well-Known URIs.
https://www.iana.org/assignments/well-known-uris/well-known-uris.xhtml

GH16{keep_data_hidden}

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.