In the not-so-distant future, robots have taken over the fast-food industry. Infiltrate the robot hotdog stand to find out what jobs still remain.
https://hotdog.web.2023.sunshinectf.games
Solution
Visiting the website presents us with this welcome page:
Starting with basic enumeration, our nmap and dirbuster scans came back with nothing of interest. I tried some default passwords such as 123:admin and 123:password but those also failed.
Visiting the robots.txt directory presented us with the following:
Visiting /hotdog-databse/ downloads a file to our system called robot_data.db.
Simply viewing the database file presents us with a mostly garbled schema with a couple of interesting parts:
We can tell that the database is in the sqlite3 format and that there is a table within it called credentials. I also thought that the RobotID field would be an integer but it turned out to be a string.
Logging in with the credentials hotdogstand:slicedpicklesandonions presents us with the flag sun{5l1c3d_p1cKl35_4nd_0N10N2}
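
The database inspection step above, done with Python's sqlite3 module instead of viewing raw bytes; this is an added example, not part of the original writeup. The sample database is constructed: only the credentials table and the RobotID field come from the page, while the username and password columns, the INTEGER declaration and all values are assumptions.

```python
import sqlite3
import tempfile
from pathlib import Path

SQLITE_MAGIC = b"SQLite format 3\x00"  # first 16 bytes of every SQLite 3 file


def is_sqlite3(path):
    """Identify the format from the file header rather than from raw bytes."""
    with open(path, "rb") as fh:
        return fh.read(16) == SQLITE_MAGIC


def inspect_db(path):
    """Return {table: {"schema", "rows", "types"}} without modifying the file."""
    uri = Path(path).resolve().as_uri() + "?mode=ro"  # read-only open
    con = sqlite3.connect(uri, uri=True)
    try:
        report = {}
        for name, sql in con.execute(
            "SELECT name, sql FROM sqlite_master WHERE type = 'table'"
        ).fetchall():
            table = '"' + name.replace('"', '""') + '"'  # quote the identifier
            cur = con.execute(f"SELECT * FROM {table}")
            cols = [d[0] for d in cur.description]
            rows = cur.fetchall()
            # typeof() reports the storage class actually used per value,
            # which can differ from the type declared in the schema.
            types = {}
            for col in cols:
                c = '"' + col.replace('"', '""') + '"'
                q = f"SELECT DISTINCT typeof({c}) FROM {table}"
                types[col] = sorted(r[0] for r in con.execute(q))
            report[name] = {"schema": sql, "rows": rows, "types": types}
        return report
    finally:
        con.close()


def demo():
    """Build a constructed stand-in database (made-up values) and inspect it."""
    with tempfile.TemporaryDirectory() as tmp:
        path = Path(tmp) / "sample.db"
        con = sqlite3.connect(path)
        con.execute("CREATE TABLE credentials (RobotID INTEGER, username TEXT, password TEXT)")
        con.execute("INSERT INTO credentials VALUES ('R-0007', 'example-user', 'example-pass')")
        con.commit()
        con.close()
        return is_sqlite3(path), inspect_db(path)
```

In the constructed sample the RobotID column is declared INTEGER yet typeof() reports text, because SQLite keeps a non-numeric string as text regardless of the declared column type.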