Objective 2: Directory Browsing

The objective here is to find the name (First and last name) who rejected the talk tilted “Data Loss for Rainbow Teams: A Path in the Darkness?”. from the website.

If we need any hints, we need to talk too “Minty Candycane” once we have compleated “The Name Game Cranberry Pi terminal challenge.” given by Minty Candycane.
“Thank you so much for your help! I’ve gotten Mr Chan his name tag. I’d love to repay the favour.
Have you ever visited a website and seen a listing of files – like you’re browsing a directory? Sometimes this is enabled on web servers.
This is generally unwanted behaviour. You can find loads of examples by searching the web for index.of.
On a website, it’s sometimes as simple as removing characters from the end of a URL.
What a silly misconfiguration for leaking information!”

So this time was not given a URL of any sort! However, it’s pretty straight forward and simple.

Heading over to https://cfp.kringlecastle.com/ we see the following webpage.

So, let’s try and apply for the KringleCon conference! Clicking on the “Apply Now!” button takes us to another page (https://cfp.kringlecastle.com/cfp/cfp.html)

Moreover, if we were to remove the cfp.html part from the end of the URL (Just as the hint gives!), then we get this page.

So we get two files “cfp.html”, “rejected-talks.csv” and ../goes back a page, which brings us to cfp.html again.
As the name suggests, we need the file rejected-talks.csv as we need to find the name (First and last name) who rejected the talk tilted “Data Loss for Rainbow Teams: A Path in the Darkness?”

Opening the file in Firefox, we can see many talks that got rejected. I’m not sure why they all got denied, but that’s not why we’re here. We need to find the name!

Using Ctrl + F within firefox to open the find function, and looking for the text “Data Loss for Rainbow Teams” we find this string “qmt3,2,8040424,200, FALSE, FALSE, John, McClane, Director of Security, Data Loss for Rainbow Teams: A Path in the Darkness,1,11.”

So, the answer here is John McClane (First and last name), pretty simple and straight forward this one was, but still pretty fun!

