Exploit mag
![[exploit_enonce.png]](https://raw.githubusercontent.com/Nouman404/nouman404.github.io/main/_posts/CTFs/404_CTF_2024/Web/Photos/exploit_enonce.png)
The main idea here, is that we can’t access the articles from the website without paying for a subscription. But we can’t get any be cause we are redirected when we try to get one:
![[exploit_home.png]](https://raw.githubusercontent.com/Nouman404/nouman404.github.io/main/_posts/CTFs/404_CTF_2024/Web/Photos/exploit_home.png)
At first I tried to remove the code that was on top of the text, but the hidden text is just a Lorem Ipsum nonsense. Because we can’t use gobuster, I lost a lot of time on this one and finally, I thought about the robots.txt file:
![[exploit_robots.png]](https://raw.githubusercontent.com/Nouman404/nouman404.github.io/main/_posts/CTFs/404_CTF_2024/Web/Photos/exploit_robots.png)
As we can see, the google bots have access to anything on the server. So we can change our user agent to a google bot one.
![[exploit_agent.png]](https://raw.githubusercontent.com/Nouman404/nouman404.github.io/main/_posts/CTFs/404_CTF_2024/Web/Photos/exploit_agent.png)
I used this user agent switcher
And now we have access to the pages:
![[exploit_home2.png]](https://raw.githubusercontent.com/Nouman404/nouman404.github.io/main/_posts/CTFs/404_CTF_2024/Web/Photos/exploit_home2.png)
Now if we look the Dataleak au 404 CTF article, we get the flag:
![[exploit_flag.png]](https://raw.githubusercontent.com/Nouman404/nouman404.github.io/main/_posts/CTFs/404_CTF_2024/Web/Photos/exploit_flag.png)