+++ author = "Maik de Kruif" title = "The Source" subtitle = "Challenge 1 - AdventOfCTF" date = 2020-12-02T17:27:25+01:00 description = "A writeup for challenge 1 of AdventOfCTF." cover = "img/writeups/adventofctf/2020/3f12301d8715a1371d2d776d25ea6ab6.png" tags = [ "AdventOfCTF", "challenge", "ctf", "hacking", "writeup", "web", ] categories = [ "ctf", "writeups", "hacking", ] +++ - Points: 100 ## Description All starts should be easy Visit to start the challenge. ## Solution When opening the page, we're asked for Santa's password. Unfortunately, we don't know the password. Don't stop there though, mayby someone has hidden it in the source html. Let's open the source by pressing `Ctrl + U` and take a look at it. Near the bottom we find the following comment: ```html ``` This looks like a `base64` encoded string so let's use the program `base64` with the `-d` decode flag to decode the text. ```bash > echo "YWR2ZW50X29mX2N0Zl9pc19oZXJl" | base64 -d advent_of_ctf_is_here ``` We get some plain text. If we enter it as Santa's password on the challenge page, it gives us the flag: `NOVI{L3T_7H3_M0NTH_0F_FUN_START}`. This flag can then be submitted for the [challenge](https://ctfd.adventofctf.com/challenges#1-2).