This is one of my writeups for PicoCTF 2018
Do you see the same things I see? The glimpses of the flag hidden away? http://2018shell3.picoctf.com:15298
- What part of the website could tell you where the creator doesn't want you to look?
The name of the task and the hint are obviously pointing at robots.txt, so let's see what's there :
User-agent: * Disallow: /c4075.html
Now we have a path to check :
/c4075.html. If we open the page, we
immediately get the flag :