Find the flag where they keep the creepy crawlers away.
http://167.71.246.232/
Alternate: http://167.71.246.232:8080/
To find the subdirectory, use dirb
dirb http://167.71.246.232/
http://167.71.246.232/robots.txt
flag{mr_roboto}
Find the flag here:
http://167.71.246.232/
Alternate: http://167.71.246.232:8080/
Check out the source code and the flag is in comment line
flag{best_implants_ever}
Find the flag here:
http://167.71.246.232/
Alternate: http://167.71.246.232:8080/
Check out the source code and there is a subdirectory as images
http://167.71.246.232/images/ under this directory, we have the list of index for images subdirectory.
In this sub-directoy, try to list unlisted subdirectory.
http://167.71.246.232/images/flag
flag{404_oh_no}
Find the "indexes" flag here: http://167.71.246.232/
Alternate: http://167.71.246.232:8080/
We knew that images subdirectory has two different file.
http://167.71.246.232/images/aljdi3sd.txt read the file.
flag{disable_directory_indexes}
Find the flag here: http://167.71.246.232/
Alternate: http://167.71.246.232:8080/
Send the request to Burp Suite and check out the response.
Alternate: Check out the source code and take a look Header
flag{headersftw}
Find the flag in the ripper doc list.
http://167.71.246.232/
Alternate: http://167.71.246.232:8080/
http://167.71.246.232:8080/certified_rippers.php check out this directory.
Send the request to Burp Suite.
There is Cookie: authenticated=false change it Cookie: authenticated=true
flag{messing_with_cookies}