Post

RootMe - Hidden Include & Backup

RootMe challenge walkthrough - Hidden Include & Backup

Posted
Preview Image
By Mustafa Eltayeb
1 min read

RootMe – Hidden Include & Backup

Mission
Find the password to solve the challenge.

Analysis

  • The challenge loads an empty page with no visible content.
  • Inspecting the page source reveals an HTML comment hinting at an included file:
    1

    <!-- include("admin/pass.html") -->

    This suggests the page might dynamically include admin/pass.html, but it’s not loading properly (or is empty on purpose).

Solution steps

  1. Directly access the hinted path:
    http://challenge-url/admin/pass.html
    → Nothing interesting appears (likely empty or restricted).

  2. Navigate to the parent directory:
    http://challenge-url/admin/
    → This reveals a backup file (common naming like admin.php~, admin.bak, .admin.swp, etc., or perhaps admin.txt).

  3. Open the backup file → it contains admin.txt (or similar) with the hardcoded password: LINUX.

Finished. Happy Hacking!

Follow me:

Root Me, web server
RootMe CTF Web SourceCodeLeak HTMLComments BackupFiles DirectoryEnumeration
This post is licensed under CC BY 4.0 by the author.