You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
51 lines
1.4 KiB
51 lines
1.4 KiB
4 years ago
|
+++
|
||
|
author = "Maik de Kruif"
|
||
3 years ago
|
title = "Challenge 1"
|
||
|
subtitle = "Challenge 1 - AdventOfCTF"
|
||
4 years ago
|
date = 2020-12-02T17:27:25+01:00
|
||
4 years ago
|
description = "A writeup for challenge 1 of AdventOfCTF."
|
||
3 years ago
|
cover = "img/writeups/adventofctf/2020/3f12301d8715a1371d2d776d25ea6ab6.png"
|
||
4 years ago
|
tags = [
|
||
|
"AdventOfCTF",
|
||
|
"challenge",
|
||
|
"ctf",
|
||
4 years ago
|
"hacking",
|
||
|
"writeup",
|
||
4 years ago
|
"web",
|
||
4 years ago
|
]
|
||
|
categories = [
|
||
|
"ctf",
|
||
4 years ago
|
"writeups",
|
||
4 years ago
|
"hacking",
|
||
|
]
|
||
|
+++
|
||
|
|
||
|
- Points: 100
|
||
|
|
||
|
## Description
|
||
|
|
||
|
All starts should be easy
|
||
|
|
||
|
Visit <https://01.adventofctf.com> to start the challenge.
|
||
|
|
||
|
## Solution
|
||
|
|
||
4 years ago
|
When opening the page, we're asked for Santa's password. Unfortunately, we don't know the password. Don't stop there though, mayby someone has hidden it in the source html.
|
||
|
|
||
|
Let's open the source by pressing `Ctrl + U` and take a look at it. Near the bottom we find the following comment:
|
||
4 years ago
|
|
||
|
```html
|
||
|
<!-- This is an odd encoded thing right? YWR2ZW50X29mX2N0Zl9pc19oZXJl -->
|
||
|
```
|
||
|
|
||
4 years ago
|
This looks like a `base64` encoded string so let's use the program `base64` with the `-d` decode flag to decode the text.
|
||
4 years ago
|
|
||
|
```bash
|
||
|
> echo "YWR2ZW50X29mX2N0Zl9pc19oZXJl" | base64 -d
|
||
|
advent_of_ctf_is_here
|
||
|
```
|
||
|
|
||
4 years ago
|
We get some plain text. If we enter it as Santa's password on the challenge page, it gives us the flag: `NOVI{L3T_7H3_M0NTH_0F_FUN_START}`.
|
||
4 years ago
|
|
||
|
This flag can then be submitted for the [challenge](https://ctfd.adventofctf.com/challenges#1-2).
|