27th November 2021
Write-up Advent of CTF challenge 0

Write-Up: Advent of CTF 0

Overview

The NOVI University Of Applied Sciences is offering an Advent CTF challenge for December 2020. The CTF is created by our community member of the Hackdewereld.nl and Chief Lecturer for Cyber Security at the NOVI University, Arjen Wiersma. If you want to participate in these CTF challenges, you can create an account on the website https://www.adventofctf.com/.

Challenge 0

  • Description: Do you remember the flag in the teaser website?
  • 1 Point

First, I wasn’t aware that there was a teaser page. But, after some searching, I came to the conclusion that there is no other website than https://www.adventofctf.com/, related to this CTF. So, I visited the Wayback Machine to determine if there was a flag posted on this website in the past.

At this moment, there is only one snapshot saved of the website from 12 November 2020. So, I used this date to check the website. And, there was indeed a teaser website.

Advent of CTF Teaser website
https://web.archive.org/web/20201112020839/https://www.adventofctf.com/

I checked the source code of this website, and I found a base64 encoded string.

<!--
                        <form action="/index.php" method="POST">
                            <div class="form-group">
                                <label for="flag">Flag</label>
                                <input type="text" class="form-control" id="flag" name="flag"  placeholder="Enter the flag">
                            </div>
                            <button type="submit" class="btn btn-warning">Submit</button>
                        </form>
-->
            </div>
        </div>
        <!-- Ceasar worked on this you know. Tk9WSXtIRVlfMVNfVGgxU19AX0ZsYTk/fQ== -->

        
        <div class="row">
            <div class="col-6 mx-auto" <div class="card text-center">
                    <div class="card-header">
                        Follow us on Twitter
                    </div>
                    <div class="card-body">

I decoded this string, and I got the flag.

~$ "Tk9WSXtIRVlfMVNfVGgxU19AX0ZsYTk/fQ==" | base64 -d 
NOVI{[email protected]_Fla9?} 

Thanks for reading!

T13nn3s

I'm a cybersecurity enthusiast! I'm working as an IT Security Engineer for a company in The Netherlands. I love writing scripts and doing research and pentesting. As a big fan of Hack The Box, I share my write-ups on this blog. I'm blogging because I like to summarize my thoughts and share them with you.

View all posts by T13nn3s →

Leave a Reply

Your email address will not be published. Required fields are marked *