+ | hidden done

hidden/README.md

@@ -0,0 +1,14 @@
+# Finding the Hidden Flag
+
+## How We Found It
+First we went throught basic analysis of the website and thought of `.robots.txt`.
+
+`Dissallow: /.hidden`
+
+We wrote a script that crawled through the website’s `.hidden` directory. It checked every subdirectory and looked for each README file, examining the byte of its content. When that byte deviated from the expected pattern, we knew we’d found the flag!
+
+## Utility of It
+For this project, there wasn’t any real-world utility, it was just a roleplay exercise for school to learn about web crawling and threading.
+
+## How Can We Patch It
+The easiest fix is to restrict public access to sensitive files. Don’t place secret files in directories that are directly accessible from the web.