 What's going on everybody my name is John Hammond a little bit more Pico CTF this challenge is called where are the robots for 100 points it has 6,929 solves currently at the time recording challenge prompt says can you find the robots we're giving a link here and another port we could access it if we would like to I'm gonna use that port one because that way I think the way you'll find the solution is a little bit more native has to how you normally track it down on a web page so this is referring to robots dot text which is the notion of a web page might be trying to hide some specific other web pages or a website might be hiding other pages from search engines and internet crawlers and bots like Google or some other things that might try and catch stuff for search results and that kind of thing I've covered this more than in plenty of times with other videos there is a little bit of an introduction and some more information about what this file actually is if you want to do more reading about it other than my quick snappy explanation but normally it's at forward slash robots dot text it's the very root of the web page and just going there and listing out what user agents may or may not be able to access these other files thing is the robots dot text file is always visible to the end user so if it's trying to hide some pages you can still track that down as the user here so I'm gonna go to forward slash robots dot text and you can see this will allow or disallow any user agent so any kind of browser to this page here forward slash zero seven seven nine that might be different on your side the port numbers might be different again Pico is really good about making this all dynamic but there is our flag simple as that congrats you found the robots here it is that's your flag we go and submit this if we wanted to but I'd like to showcase Katana solving this just a little bit again I'm gonna use that link here and let's make a directory where are the robots let's CD that and I'm gonna activate Katana's environment so Katana and been activates now I can run Katana just like a command I'll set the flag format Pico CTF regular expression so period asterisk question mark to make it lazy with matching anything inside tack a for auto and we'll just give it that link so it will go ahead initialize and track it down and through that robots dot text that it would have found for us so there's our flag automatically thrown into our clipboard for us so we'll paste that in here and let's finish that mark that as complete cool all right now let's move on to one more challenge because that was pretty quick and simple this one is also pretty quick and simple this one's called so meta for 150 points in the forensics category it says find the flag in this picture we're giving a download link let's go ahead and W get that let's make directory so meta hop over there and now we have this Pico image that's simply looks like the logo from 2017 I think so Pico CTF 2017 just all that picture really has in there if you were to run strings on it and do normally what you wanted to okay I guess it's also visible in the strings that makes sense what you'll note here is that it's actually being included in an artist metadata segment there so if we were run a tool like EXIF tool you should be able to actually see that in its segmented in specific actual metadata tag there there it is displayed Katana will obviously be able to find this if you wanted to fire that up as well because it's just in there if you don't have EXIF tool trying to type in a new bunch you should give you like the lib pearl metadata EXIF thing that you can install that package on and we could simply fire up Katana Katana again I'll use that Pico CTF flag format and tack a we can give it this download link nice and easy because it will go ahead and auto download that for us it will run strings and EXIF tool and it tracks it down real real nice so that's that hope you guys enjoyed this if you did please do like comment and subscribe I'd love to see you guys in the discord server there are a ton of smart people in there much smarter than me and they're all about CTF server security and the good stuff so see in the next video