Find the Secret webpage (Credit: RiversideRocks)

Credit: @RiversideRocks for the original puzzle.

Your goal is to get access to /secret, but using a signup forum. If you read carefully, and get the somewhat obvious hints, then you can get to the secret file.

Someone finished it! It was @Ghostoblivion! , then @wh0, then @youngchief_btw.

The source is here and just read the README.md file.

Puzzle: https://groovy-thundering-guitar.glitch.me/puzzle.html
Finish Link: https://groovy-thundering-guitar.glitch.me/secret?key=chkdsk

4 Likes

Hint: On the /create page , the quote /logs has some of the best logs ever. may have a special meaning.

1 Like

I have no idea! I was able to view the signup logs, but after that I got nothing.

Is this made in PHP or Node?

By the looks of it, I’m 99% sure its node.

Is it SQL injections? I tried but it didn’t work.

It also using Jsoning as a db, so that may not work…

1 Like

Yep, I thought it was as it has a different not found error than php

There are no Linux command that you need to know. Look at https://groovy-thundering-guitar.glitch.me/logs/id

It does not use shell commands because people could use commands to destroy the server.js script.

It contains where the

  • Secret page is
  • The URL Parameter that you need to access it
  • The key for the URL parameter.

Should I add another hint?

1 Like

Ok so here it is! Pay attention to the last lines, especially the words in quotes

[system.Handler]: Hiding "/secret" File with query: "?key="
[system.Handler]: Now perfoming a "chkdsk".
1 Like

woa, that took some thinking outside the box. thanks for the puzzle!

1 Like

Your welcome! The original was RiversideRocks.

I had just come to the fourms for today, saw the puzzle thing here, then the clue, and bamm got ihe answer quick

1 Like

Hey when I edited it, it said something about “overwriting edits”.

Also, I added the source code, the link is at the top.

Answer was:


<iframe width="1000" height="500" src="https://www.youtube-nocookie.com/embed/dQw4w9WgXcQ?autoplay=1" frameborder="0" allow="accelerometer; autoplay; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>
3 Likes

Interesting use case of Jsoning…:joy:

1 Like