Back

Hike to the Top Writeup

By
Ananthu S
Published on
20 Sep 2020
1 min read
DOMECTF2020

Story

Travelix has a very unique hiking expedition and it is described as being one of the best in the world. Find it from their website.

Solution

Travelix is a simple travel website. When we look at the whole page, they all are simple HTML pages, and there are no API calls.

So there is something else on that website. Just check the sitemap file of the website.

Yeah, you got that, it is a gpx file.ere.

Travelix1

You can find that there are 32 places denoted as latitude and longitude. Just search these latitude and longitudes on Google and find the places and note down all the countries.

At last you will get 32 countries. This is the clue and you already know that domectf flag is domectf{<32 characters>}.

So take the first letter of every country, and make the flag. They must be in uppercase.

Hurray! You’ve got the flag.

Automated human-like penetration testing for your web apps & APIs
Teams using Beagle Security are set up in minutes, embrace release-based CI/CD security testing and save up to 65% with timely remediation of vulnerabilities. Sign up for a free account to see what it can do for you.
Product tour
Written by
Ananthu S
Ananthu S
Lead Engineer
Find website security issues in a flash
Improve your website's security posture with proactive vulnerability detection.
Free website security assessment
Experience the power of automated penetration testing & contextual reporting.
Product tour