1.robots
robots is an agreement between the website with reptiles, tell the corresponding txt format with a simple and direct way text reptiles are allowed permission
so to do the following
Find and access the file location flag
to get flag is
2.backup
Open to the title of the website can see this sentence
By Baidu that
Then proceed as follows, in the back of the original URL plus index.php.bak
get the following file name suffix .bak, and then change the file extension to open the text
found inside flag
3.cookie
Cookie (data stored on the user's local terminal)
Cookie information is not its intent "cookies" means, but a simple text file stored in the client, this file is associated with a particular Web documents together to save the client to access the Web document at when the client accesses the Web document again use this information available to the document. As the "Cookie" has magical properties can be stored on the client, so it can help us to realize the function of recording your personal information, and all this without having to use complex CGI and other procedures.
For example, a Web site might generate a unique ID for every visitor, and then stored on each user's machine in the form of Cookie files. If you use a browser to access the Web, you will see all Cookie saved on the hard disk. In this folder is a file for each from the "name / value" for text files, plus a file stores information about all the corresponding Web site. Here each Cookie file is a simple and plain text files. Through the file name, you can see which Web sites to place a Cookie on the machine (of course, the site also has information stored in the file).
With burp suit capture
the prompts to the following URL
to see a prompt and
then we did it
to see the flag
4.disabled button
This is not a press button appears, then press F12
to get button click can perform the appropriate action, so will disable delete
and then click the flag button to see the final result we want.
5. weak auth
Just input, press login
out of this sentence
so that the user name is admin
Since it is a weak password Then you burp suite with a blast on it
we can know the password is 1232456
Enter after you see the flag
6.simple php
It is we need to assign a and b, depending on the value of the source code to meet the conditions will be able to
finally get flag