~# cat Question

In this linux machine, you can access the vulnerable machines and pivot through the network to find the flag. For the first part, there is an APACHE web server running at 200.200.200.168.

ssh -p 4524 -J team_o51G0@users.ncl.sg team_o51G0@172.18.178.17 0x@NSS5JvwmPRQrd9D

We are given a web and remote server for this challenge. Firstly we can SSH into this remote server. From there we can curl the web server to view the page source.

team_o51G0@tx-vm:~$ curl 200.200.200.168
Welcome to HackBash 2024
Glad you find me.
However, I bet you can't find my secret file. 
Even search engines like Google will never find it!

Checking for other pages on the web server

We can also use curl to send HTTP requests to 200.200.200.168/robots.txt with a specific user agent string (ls /).

• robots.txt is a text file placed on a website's server to provide instructions to web crawlers and other web robots about which pages or files the crawler can or cannot request from the site.

team_o51G0@tx-vm:~$ curl 200.200.200.168/robots.txt
User-agent: *
Disallow: /cgi-bin/parameterbackdoor.sh

# shh don't let people know about my backdoor
# part 1 flag: flag{scanning_da_web_app!}

Flag: flag{scanning_da_web_app!}