Pthc Top Site Link

| Step | Action | Tool/Command | Reason | |------|--------|--------------|--------| | 1 | Enumerate directories | ffuf/gobuster | Find hidden resources (/admin, /debug, /secret). | | 2 | Read robots.txt | curl | Reveals /secret/ as a disallowed path. | | 3 | Inspect client‑side JavaScript | wget/curl | Discovers that adding ?debug=1 triggers a request to /debug. | | 4 | Request /debug endpoint | curl $TARGET/debug | Debug page leaks the absolute path of the flag file. | | 5 | Retrieve the flag | curl $TARGET/secret/flag.txt | Reads the flag content. |

  • Report the Site

  • Block the Site

  • Educate Others

    • Authors:
    First Author¹, Second Author², Third Author³

    ¹ Department of Computer Science, University A – email@example.com
    ² Department of Information Systems, University B – email@example.com
    ³ Industry Partner, PTHC Inc. – email@example.com

    Keywords: web‑scale architecture, content‑ranking, personalization, caching, load balancing, PTHC Pthc Top Site

    | Item | Details | |------|----------| | Challenge name | Top Site (PTHC) | | Category | Web / Information Disclosure / Logic | | Difficulty | ★★☆☆☆ (Easy‑Medium) | | Platform | PTHC (the “Pwn The Hackers Club” CTF platform – public challenge) | | Goal | Retrieve the hidden flag PTHC… from the target web application. |

    The challenge presents a simple-looking website that appears to be a “top‑10 list” of popular movies. At first glance there is nothing obviously vulnerable, but a combination of information disclosure (hidden files / parameters) and a business‑logic flaw leads to the flag.

    Below you will find a step‑by‑step walk‑through of the methodology used, the tools employed, the vulnerable logic discovered, and the final exploit that yields the flag. | Step | Action | Tool/Command | Reason

    # The challenge URL (provided by the CTF)
TARGET=https://topsite.pthc.xyz

    # Grab the HTTP headers (look for server, X‑Powered‑By, etc.)
curl -sI $TARGET

    Result:

    HTTP/2 200 
date: Fri, 16 Apr 2026 09:12:34 GMT
content-type: text/html; charset=UTF-8
server: nginx/1.24.0
x-powered-by: Express

    | Component | Language / Framework | Key Libraries | Deployment | |-----------|----------------------|---------------|------------| | API Gateway | Go + gRPC | grpc-go, jwt-go | Docker → K8s | | Edge Cache | NGINX + Lua | lua-nginx-module, redis-cli | Helm chart | | Ranking Service | Go | onnxruntime-go, faiss-go | K8s HPA | | Personalization | Python | tensorflow-serving-api, numpy | K8s with GPU nodes | | Kafka → Flink | Java/Scala | flink‑kafka‑connector, elasticsearch‑sink | Flink on YARN | | Elasticsearch | – | – | 3‑node cluster, 2‑shard per index | | FAISS Index | C++/Python | faiss | Served via gRPC micro‑service |

    Performance Optimizations

    ShopSimon. Brands you love. On sale. 24/7. Shop Online Now