Tag List
Sign In


"Jamie, a big football fan, created his very first web site. Since it is so handy to have a publicly accessible web site, Jamie also stores a secret file on it, which he often needs to access from remote. Can you find this file?"

Accessing the site at the URL given shows us this page: The website

A good first step with web challenges is to use nikto to scan for common vulnerabilities - The result of the scan is shown below: Nikto scan

From this scan we can see that the website may be vulnerable to OSVDB-6694 (or CVE-2001-1446) - A vulnerability in which website hosts running Mac OSX leave .DS_Store files publicly accessible. These files contain information about the directory they are in, including contents. Navigating to <Base URL>/.DS_Store provides us with the .DS_Store for the website's root folder. We can use a .DS_Store reader such as this site (or with python using this module) to read the file, which gives us the following output:


The secret__stuff folder is most likely where we can find our flag. Navigating to this folder gives us a blank page but we can use the same DS_Store trick to find the directory listing for this folder, again using the same site gives us the following output:


Open <base_URL>/secret__stuff/personal_notes.txt and we are presented with our flag: