Beep beep boop
Security Summer School
Humanoid Security – SSS
Category
Web Exploitation
Difficulty
Easy
Challenge Overview
I entered the website, checked the cookies, and analyzed the page source, but nothing caught my eye.
Fuzzing the site with gobuster (using common.txt from SecLists), dirsearch or other tools was the solution; it revealed that there is a /robots.txt. A very beginner path, but somehow I didn't think of it in my first steps.

Going to the /robots.txt path, we get this:
That long string seems to be hex encoded so when we decode it using CyberChef we get:
secret for ASIMO
Doing a little bit of research I saw that ASIMO was the best humanoid robot.
However, going to this path: /73656372657420666f72204153494d4f.php
We see a simple text: "This is a secure area that can only be accessed by the most advanced humanoid robots."
When we talk about access, we are often in fact talking about cookies or a session ID. Analyzing the cookies, we see this:

Changing its value from HUMAN to ASIMOV and refreshing the page we get the flag in front of our face.
Note: ASIMO is inspired by Isaac Asimov, the well-known science fiction writer. I found that he wrote in some of his stories and novels about intelligent robots and their interaction with humans.
It was a bit of a guessy and weird challenge, to be honest.
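The weakness behind this challenge is that access is decided by a cookie value the client can edit freely. The sketch below is an added example, not code from the challenge: it puts that naive check next to a hardened one that only accepts a role carrying a server-side HMAC tag. The cookie name `role`, the function names and the key handling are assumptions; only the values HUMAN and ASIMOV come from the write-up.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Assumption: a server-side secret that is never sent to the client.
SERVER_KEY = secrets.token_bytes(32)

def naive_is_robot(cookies: dict) -> bool:
    """Weak check (the behaviour seen in the challenge): trusts the raw value."""
    return cookies.get("role") == "ASIMOV"  # "role" is a hypothetical cookie name

def _tag(role: str, key: bytes) -> str:
    """HMAC-SHA256 over the role, hex encoded."""
    return hmac.new(key, role.encode(), hashlib.sha256).hexdigest()

def issue_role_cookie(role: str, key: bytes = SERVER_KEY) -> str:
    """Server side: return 'role.tag' so later edits to the role are detectable."""
    return f"{role}.{_tag(role, key)}"

def verified_role(cookies: dict, key: bytes = SERVER_KEY) -> Optional[str]:
    """Return the role only if its tag verifies, otherwise None."""
    role, sep, tag = cookies.get("role", "").rpartition(".")
    if not sep:
        return None  # no tag at all, e.g. a bare hand-edited value
    # Constant-time comparison on bytes, so odd characters cannot raise TypeError.
    if not hmac.compare_digest(_tag(role, key).encode(), tag.encode()):
        return None
    return role

def hardened_is_robot(cookies: dict) -> bool:
    """Hardened check: the role must have been issued by the server."""
    return verified_role(cookies) == "ASIMOV"

if __name__ == "__main__":
    issued = {"role": issue_role_cookie("HUMAN")}  # constructed sample cookies
    edited = {"role": "ASIMOV"}                    # value changed in the browser
    # Role swapped while reusing the tag that was issued for HUMAN.
    spliced = {"role": "ASIMOV." + issued["role"].rpartition(".")[2]}
    print("naive, edited:   ", naive_is_robot(edited))
    print("hardened, edited:", hardened_is_robot(edited))
    print("hardened, spliced:", hardened_is_robot(spliced))
    print("issued role:     ", verified_role(issued))
```

Keeping the role in server-side session state and sending only a random session ID avoids the problem without any signing.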
Final Flag
SSS{hum4n0id5_and_c00ki3s}
made by k0d