Max49's ICTF Round 11 Challenge Writeups

Color Key (by point value, not by me): Green = Easy, Yellow = Easy/Medium, Orange = Medium, Red = Hard

NOTE: On my "guessy" scale, a 1 and a 2 are essentially the same. In this round, a provided source does not necessarily mean there's no guess factor.


Sanity Check Round 11

Welcome to Round 11! DM flags to me to get points, and rise up on the leaderboard! Have fun and enjoy Round 11!

Attachments

aaaabaaacaaadaaaeaaafaaagaaahaictf{Round_11_Sanity_Check}aaiaaajaaakaaalaaamaaanaaaoaaa

Category

Misc

Author

Board

Points

15

Solve:

To solve this challenge, you just had to submit the flag "hidden" in the text, including the flag wrapper ictf{}.

Difficulty rating: 1/10

Guessy rating: 1/10

Flag:  

ictf{Round_11_Sanity_Check}


Spider

Got some glue?

Note: There's a rate limiter of 3 requests/second

Attachments
https://spider.031337.xyz/

Category

Web

Author

Robin_Jadoul

Points

75

Solve:

This challenge was a small step up from the previous challenge, but definitely doable. After loading the page and playing around with the URL, we can see that going to numbered pages returns Hello, <number>. Inspecting the page source shows nothing interesting. If we use Burp to analyze the page a little more, we see a few things set:

Of these, X-Flag seems the most interesting. Looking up what X-Flag is, we can see that it's not really used much for anything, which makes it more likely to be related to the challenge. At /0, X-Flag is equal to "i". At /1, X-Flag is equal to "c". We know that our flag format is ictf{}, so from here we can assume that the flag is delivered one character per page through X-Flag. To automate this process, I wrote a script (pipes optimized by tirefire):

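#!/bin/bash

# Each page /0../23 returns one flag character in its X-Flag response header.
flag=""
for i in {0..23}; do
    # -I sends a HEAD request, -s hides progress; header names are
    # case-insensitive, so match with grep -i, and strip the trailing CR.
    letter="$(curl -Is "https://spider.031337.xyz/$i" | grep -i '^x-flag:' | cut -d' ' -f2 | tr -d '\r')"
    flag+="$letter"
    sleep 0.4   # stay under the challenge's limit of 3 requests/second
done

echo "$flag"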
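
A variant of the approach above that does not hard-code the flag length: it reads numbered pages until the X-Flag value is the closing brace. This is an added example, not part of the original writeup; the function names are assumptions, and fake_fetch with its sample flag ictf{demo} is constructed so the block runs offline.

```shell
# Added example: constructed data only, no network access needed.

# Print the X-Flag value from a raw header block on stdin. Header names are
# case-insensitive and `curl -I` output ends each line with CRLF.
extract_x_flag() {
    tr -d '\r' | awk '{
        i = index($0, ":")
        if (i && tolower(substr($0, 1, i - 1)) == "x-flag") {
            v = substr($0, i + 1); sub(/^[ \t]+/, "", v); print v; exit
        }
    }'
}

# Constructed stand-in for `curl -Is <base>/<n>`: page n leaks character n of
# a made-up flag, alternating header case the way different servers might.
fake_fetch() (
    sample='ictf{demo}'
    if [ "$1" -ge "${#sample}" ]; then
        printf 'HTTP/1.1 404 Not Found\r\n\r\n'; exit 0
    fi
    name='x-flag'; if [ $(($1 % 2)) -eq 0 ]; then name='X-Flag'; fi
    ch=$(printf '%s' "$sample" | cut -c "$(($1 + 1))")
    printf 'HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n%s: %s\r\n\r\n' "$name" "$ch"
)

# Walk pages 0,1,2,... using the fetch command named in $1. Stop at the
# closing brace, at a page without the header, or after $2 pages (default 64).
# A live fetch function would wrap curl -Is and sleep to respect the rate limit.
assemble_flag() (
    fetch=$1; max_pages=${2:-64}; flag=''; i=0
    while [ "$i" -lt "$max_pages" ]; do
        ch=$("$fetch" "$i" | extract_x_flag)
        [ -n "$ch" ] || break
        flag="$flag$ch"
        if [ "$ch" = '}' ]; then break; fi
        i=$((i + 1))
    done
    printf '%s\n' "$flag"
)

assemble_flag fake_fetch   # prints ictf{demo}
```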
            

Difficulty rating: 2/10

Guessy rating: 2/10

Flag:  

ictf{f0ll0w_th3_numb3rs}


Find me

Oh no, the flag is hiding. Don't think or it'll get away...

Attachments

https://imaginary.ml/r/5D9B-find_me.txt

Category

Misc

Author

Robin_Jadoul

Points

50

Solve:

In this challenge, you're given a large file full of random characters. We can just use grep, or Ctrl+F in a text editor, to get the flag (command: grep ictf find_me.txt).

Difficulty rating: -5/10

Guessy rating: 1/10

Flag:  

ictf{gr3p_0r_4ny_t3xt_3d1t0r...Fl4g_f0rm4t_m4tt3rs}