Gawds CTF/ Know whats in your head


Try to see whats inside your head before moving forward.

This challenge was filled with dummy flags and was quite frustrating.

The Challenge

Looking at the description, it looks like the answer lies within the headers.


Like always, checking the robots.txt file, gave up the following info.

### BEGIN FILE ###

User-agent: gawds-crawler

### END FILE ###

From the robots.txt file, we can now infer that the User-Agent must be gawds-crawler.

Navigating to

greets us with a Access Denied error.

Changing the method to POST also results in the same error.

I started to dig more.

I stumble upon sitemap.xml

This XML file does not appear to have any style information associated with it. The document tree is shown below.
<urlset xmlns="">



Checking the headers:


This was quite pissing off! I decided to give last and final shot.

Looking at the hash string, it seemed like a sha-1 hash.

So, I performed sha-1 hash of flag and obtained



You get:


When we check the headers, we get:

Flag: flag{G00d_W0rk_AlWys_check_f0R_headers}