evilzone:Damn them robots
Note: In order to facilitate browsing, the pages have been translated!
The essence of penetration is information collection!
The essence of penetration is information collection!
The essence of penetration is information collection!
Start:
In the introduction of the topic, it seems that no important tips are given.
Visit the goal ...
Welcome page of the website, there is no useful clue. Instead, there is a word emphasized: robot, record it first. F12 Dafa check the basic structure
There is no doubt in the source code. Looking at
the link given in the request title, the request header and the response body have not seen any abnormality for the time being. I want to catch the bag
It ’s the first time, why bother embarrassing each other ... The
first criterion of penetration testing: information collection
Since it is information gathering, return to the welcome page and study it carefully. A clue I just collected: Robots
Look at the link again and collect useful information
Another "robot"!
Seeing the cleverness here, I instantly thought of rebots.txt ( web crawler exclusion standard protocol )
access ~
Sure enough, there is no guessing wrong,
and then continue to visit
Get success! Submit the flag to receive points ~