Web - General
Try to go to robots.txt and apparently give next step to obtain flag, which I need to go to /.r0b0fl4gchal1c.
From the directory, it showed base64 encoded flag and I decode through cyberchef to get the actual flag.
Flag: CURTIN_CTF{B0T530T5BOTSB0T555555BOTS}
Scrolling through web page i stumble upon this image, which give us some kind of other directory? Going to the /homeChall directory give me nothing..
Since I pretty lazy to intercept the request and view the http header. Network on inspect in firefox is working just fine for me to show suspicious Content-Location on http header, which is /h0m3fl4g15h3r3. Finally, going to the directory give me the flag.
Flag: CURTIN_CTF{C0NGR4TUL4T10N5_0N_Y0UR_H0M3C0M1NG}
After exploring through web page via page source, I discovered that one of the missing image source location are different from the others. Try to go the the /static/Content.png will give me the hidden flag in image format.
Flag: CURTIN_CTF{N33D_F0R_ B3TT3R_C0D3_R3V13W}
Going to the registration page will direct me to the dead end. Try to view network tab on inspect give me this weird Content-Location on http header /g3t_53cR3t_fl4g. When going to the directory, it show the Method Not Allowed.
Now its time to use burp suite! Try to change the http method from POST to GET give me Who are you?. Since it asks me who am I, from the weird looking cookie I tweak the http header and make the Referer as part of http header. Result gives me Invalid Secret.
Since its response with invalid secret, I place 53c43t in cookie into http header and got the flag.
Flag: CURTIN_CTF{Th15_Fl4g_15_h15hly_c0nf1d3nt14l}
Last updated
