Picoctf

Trickster Author: Junias Bonou Description I found a web app that can help process images: PNG images only! Try it here! When I attempted to upload some random files, I got the following error message: Error: File name does not contain '.png'. This suggests that the app strictly checks for .png extensions. To dig deeper, we can perform a directory search to see if we can find anything useful. A tool like gobuster is perfect for this kind of task. ...

picoCTF: Scavenger Hunt Things I learned from this challenge: Try to access those dot files! And other files that might be accessible other than the public ones. robots.txt - https://developers.google.com/search/docs/advanced/robots/intro Apache server manages its server permissions in .htaccess file. It is always good to know what options I have to find vulnerabilities.