Robots
Challenge
Imported from local notes.md.
Solution
Original Notes
Robots
Challenge Summary
- Given: only the challenge title
Robotsand the descriptionBeep Boop. - Goal: recover the flag.
- Constraints: no downloadable files and no separate service endpoint were provided.
Initial Recon / Triage
- Observations: because there was no attachment or
connection_info, the challenge likely targeted the main CTF platform itself. - File identification: challenge metadata confirmed there were no provided assets.
- Entry points: the most obvious robot-related surface on a website is
robots.txt.
Hypotheses & Approach
- Hypothesis 1: the flag is directly exposed in the platform
robots.txtfile. - Hypothesis 2: the
Disallow: /adminline is thematic flavor, while the actual secret is hidden further down the file.
Execution Steps (Reproducible)
Stage 1
Commands:
curl -i -s https://ctf.cyber-cit.club/robots.txt
Results:
- The site returned a valid
robots.txt. - After a large blank section, the file directly contained the flag.
Stage 2
Commands:
cd /root/cit2026CTF/Robots
python3 artifacts/exploit.py
Results:
- The helper fetched
https://ctf.cyber-cit.club/robots.txt, saved it locally, and extracted the flag.
Artifacts Produced
artifacts/fetch_files.py: helper used to pull the official challenge metadata.artifacts/exploit.py: minimal solver that downloadsrobots.txtand extracts the flag.artifacts/robots.txt: saved copy of the liverobots.txtcontaining the flag.
Flag
CIT{S8kMc789Gd37Py1gQPiWbeqxx}