Directory Browsing
Who submitted (First Last) the rejected talk titled Data Loss for Rainbow Teams: A Path in the Darkness? Please analyze the CFP site to find out.
For hints on achieving this objective, please visit Minty Candycane and help her with the The Name Game Cranberry Pi terminal challenge.
Finding Browsable Directories hint from
On a website, finding browsable directories is sometimes as simple as removing characters from the end of a URL.
Website Directory Browsing hint from
Website Directory Browsing
Have you ever visited a website and seen a listing of files - like you're browsing a directory? Sometimes this is enabled on web servers.
This is generally unwanted behavior. You can find sleighloads of examples by searching the web for index.of.
On a website, it's sometimes as simple as removing characters from the end of a URL.
What a silly misconfiguration for leaking information!
Browsing to https://cfp.kringlecastle.com/ and clicking on CFP brings to https://cfp.kringlecastle.com/cfp/cfp.html.
Removing /cfp.html from URL brings to https://cfp.kringlecastle.com/cfp/, which contains index of cfp directory, including rejected-talks.csv file.
Simply browsing to https://cfp.kringlecastle.com/cfp/rejected-talks.csv and searching for "Data Loss for Rainbow Teams" reveals necessary data.
qmt3,2,8040424,200,FALSE,FALSE,John,McClane,Director of Security,Data Loss for Rainbow Teams: A Path in the Darkness,1,11Answer to this objective is John McClane.