Buried Deep

Background

"I’m not a hacker. I’m just someone who wants to make the world a little better. But the world isn’t going to change itself."

Submit your answer in the following format: ACECTF{3x4mpl3_fl4g}

The flag content should be in lowercase letters only.

http://34.131.133.224:9998/

alt text

Difficulty: Easy
This challenge doesn't have source code

Enumeration

Index page:

alt text

Nothing special, so I decides to check the source page:

alt text

It has a link to the style.css file, I will check this file:

alt text

In this style.css file, there is a tag named #flag. This #flag tag has a content sounds suspicious: bC5 !2CE @7 E96 u=28 :D i f9b0db4CbEd0cCb03FC`b5N. I think the content has been rotated, I will use dcode.fr to rotate it:

alt text

We find the 3rd part of the flag: 7h3_53cr3t5_4r3_bur13d}, lol.

So the first and the second part are still somewhere on the web. Now, I will check if the page has the robots.txt file.
And yes! It has the robots.txt file with many hidden files:

alt text

After checking all the hidden files, I find two files interesting: buried and secret path.

Content of buried file:

alt text

This is the ASCII format, I will use duplichecker to convert from ASCII decimal to text:

alt text

First part of the flag: ACECTF{1nf1l7r471ng_7h3_5y573m_

Content of secret path file:

alt text

This is the morse code. I will use dcode to translate this morse code:

alt text

We got the second part of the flag: 15_345Y_WH3N_Y0U_KN0W_WH3R3_. Since the flag format is in lowercase character, I will change the 2nd part to 15_345y_wh3n_y0u_kn0w_wh3r3_.

Exploitation

Combines three parts and we will get the complete flag:

Flag: ACECTF{1nf1l7r471ng_7h3_5y573m_15_345y_wh3n_y0u_kn0w_wh3r3_7h3_53cr3t5_4r3_bur13d}

Conclusion

What we've learned:

Reconnaissance and knowledge about some encode: ASCII, morse.