"Jamie, a big football fan, created his very first web site. Since it is so handy to have a publicly accessible web site, Jamie also stores a secret file on it, which he often needs to access from remote. Can you find this file?"
Accessing the site at the URL given shows us this page:
A good first step with web challenges is to use
nikto to scan for common vulnerabilities - The result of the scan is shown below:
From this scan we can see that the website may be vulnerable to
CVE-2001-1446) - A vulnerability in which website hosts running Mac OSX leave .DS_Store files publicly accessible. These files contain information about the directory they are in, including contents.
Navigating to <Base URL>/.DS_Store provides us with the .DS_Store for the website's root folder.
We can use a .DS_Store reader such as this site (or with python using this module) to read the file, which gives us the following output:
css img-publ js secret__stuff
secret__stuff folder is most likely where we can find our flag. Navigating to this folder gives us a blank page but we can use the same DS_Store trick to find the directory listing for this folder, again using the same site gives us the following output:
<base_URL>/secret__stuff/personal_notes.txt and we are presented with our flag: