Thailand Cyber Top Talent 2022 – CTF THAILAND
Writeup!! Web-challenge04
1st step : survey target website and guessing how to find flag?
website have menu to login with Admin Key.
2nd step : Use : dirb to start find more hidden directory and found many directory in directory
like : IP Address /s/e/c/r/e/t/
3 : let check /s/e/c/r/e/t/ directory have “secret”, in secret have flag.inc
check flag.inc
<?php
$secret = "N.C.S.A";
?>
Final : use N.C.S.A for Admin key, Yessssss!! found it.
flag : tctt2022{Adm!n_S3cr3t_K3y}