###### tags: `CTF` `WEB` # WEB expolitation ## Looking for somethings in source codes ### Scavenger Hunt ![](https://i.imgur.com/WTN0ZGN.png) ctrl + U  ![](https://i.imgur.com/J95AeGo.png) The second part was hidden in CSS ![](https://i.imgur.com/iPsqLqG.png) How can I keep Google from indexing my website? ![](https://i.imgur.com/7wFu1m6.png) We use robot.txt to disallow google web spiders to crawl our websites!!>< ![](https://i.imgur.com/ZAdR9gL.png) Store information in Mac ![](https://i.imgur.com/uXGfLBx.png) .DS_Store was specified to store the current folder on Mac ![](https://i.imgur.com/aMmo3BD.png) --- ### GET a HEAD ![](https://i.imgur.com/MWzKM7g.png) ![](https://i.imgur.com/2kM2oB4.png) Sourece code ![](https://i.imgur.com/Ca177rv.png) ![](https://i.imgur.com/qfIOtas.png) --- ### Where are the robots ![](https://i.imgur.com/hyvNtYm.png) ![](https://i.imgur.com/9HQDca6.png) ![](https://i.imgur.com/zjEgCz6.png) --- ### Dont-use-client-side ![](https://i.imgur.com/G4gYU0k.png) ![](https://i.imgur.com/7hEKsHW.png) --- ### It's my birthday ![](https://i.imgur.com/ad0ocbC.png) ![](https://i.imgur.com/Kqean1v.png) this website provide the md5 collision https://www.mscs.dal.ca/~selinger/md5collision/ ![](https://i.imgur.com/MAGNnaU.png) --- Redirect phpWEB ![](https://i.imgur.com/uXfFUVQ.png)\ --- ### Search source ![](https://i.imgur.com/oEPiaLR.png) ![](https://i.imgur.com/lwqHjXx.png) ![](https://i.imgur.com/GcuzuUY.png) --- ### picobrowser crul: it easily allows you to control the header --- ## SQL ### SQL Direct ![](https://i.imgur.com/kH16f65.png) show databases >PostgreSQL ```shell= \bt ``` >Mysql ```shell= show tables ``` >SQLite3 ```shell= .tables ``` >To interect with database ```shell= \dt ``` ![](https://i.imgur.com/TIwMCsh.png) ```sql= select * from flags; ``` ![](https://i.imgur.com/O9i4WVV.png)