Ringzer0CTF – Web – Area 51 Objective: Get that flag Solution: On this challenge we get this message Access to this area is restricted using some secure .htaccess So .htaccess so from there I started just by googling .htaccess ( I’ve heard of this before but never really dealt with apache servers) Ok next I googled .htaccess bypass I found a forum that says to get around this sometime its just as simple as using PUT instead of get. https://security.stackexchange.com/questions/177279/how-to-bypass-htaccess-protection So I fired up YARC(Yet another REST client) and sent a PUT instead of a GET to the site Now I get this < div class = "challenge-wrapper" > < br /> < span class = "red" > AREA 51 </ span > The origin of the Area 51 name is unclear? Alien? < br /> < div class = "alert alert-info" role = "alert" > FLAG-w4KRr557y626izv567758O52 <
@circusmonkey404 on the twitters; DM for contact