Assessment Methodologies: Information Gathering CTF 1 — eJPTv2 Walkthrough

Assessment Methodologies: Information Gathering CTF 1 — eJPTv2 Walkthrough

Last updated: July 09, 2025

Hi everyone! In this article, we will solve the Assessment Methodologies: Information Gathering CTF 1 (eJPTv2). I will not share the flags because I don’t want you to copy and paste them, but rather solve it yourself and follow my instructions, so sit back and read!

Flag 1: This tells search engines what to and what not to avoid.

It’s the robots.txt file that tells the search engines what to crawl and what not to, so head towards the browser and view the robots.txt

Assessment Methodologies: Information Gathering CTF 1 — eJPTv2 Walkthrough

Flag 2: What website is running on the target, and what is its version?

We have to do a simple nmap scan to identify which website is running and its version on the target system. For this, we will utilize the Default scan of nmap, We have to use the -sC option to get more information

nmap -sS -sV -sC target.ine.local
Assessment Methodologies: Information Gathering CTF 1 — eJPTv2 Walkthrough

Flag 3: Directory browsing might reveal where files are stored.

hmm… Directory browsing, I think we have to brute-force the directories using gobustor or dirb, let’s do it quickly

dirb http://target.ine.local
Assessment Methodologies: Information Gathering CTF 1 — eJPTv2 Walkthrough
Assessment Methodologies: Information Gathering CTF 1 — eJPTv2 Walkthrough

So we have identified some directories. We have to explore it one by one and look at it manually

After exploring one by one, the directory /wp-content/uploads has an interesting file:

Assessment Methodologies: Information Gathering CTF 1 — eJPTv2 Walkthrough
Assessment Methodologies: Information Gathering CTF 1 — eJPTv2 Walkthrough

Flag 4: An overlooked backup file in the webroot can be problematic if it reveals sensitive configuration details.

As we know, the website is running on WordPress, which was initially identified. Now we have to look into the backup files of WordPress

so the backup files in WordPress are stored in /wp-config.bak path

Just navigate into it, and it will start downloading

Assessment Methodologies: Information Gathering CTF 1 — eJPTv2 Walkthrough

It will be downloaded automatically as soon as you navigate into it,

then view the file,

Assessment Methodologies: Information Gathering CTF 1 — eJPTv2 Walkthrough

scroll down a little bit

Assessment Methodologies: Information Gathering CTF 1 — eJPTv2 Walkthrough

and there will be the flag

Flag 5: Certain files may reveal something interesting when mirrored.

Mirrored…Are you thinking what I am thinking? Guess it! HTTrack! yes do it

httrack --mirror target.ine.local -O Target

It will store all the output into the Directory named “Target”, so we can easily find the flag by using the grep utility, because there are a lot of files we cannot find the flag manually

Assessment Methodologies: Information Gathering CTF 1 — eJPTv2 Walkthrough

Now, grep it. We know that all the flag formats were like FLAG1, FLAG2, FLAG, and a number. As it is the fifth flag, it will be “FLAG5”, just grep it! It will find the flag in the directory Target, which we mirrored and saved the website

grep -i "FLAG5" -R Target
Assessment Methodologies: Information Gathering CTF 1 — eJPTv2 Walkthrough

And there you go! It was pretty easy. See you in the next Challenge!

Good luck hackers

Leave a Comment

Your email address will not be published. Required fields are marked *