Solving fun CTF.

this is a walkthrough I wrote from the solver's perspective.

sushil phuyal
4 min readAug 27, 2021

It was a boring day, and I thought to have some fun. so started to work on some brain-twisting stuff. So, let me solve my own CTF from normal people’s perspectives.

so, the given target was 1337mickey.github.io

so I simply opened it. And saw this:

so, my first approach will be seeing its source code. so I just did right-click. it wasn’t working. So, I being a cool boy, tried ctrl+shift+i. for opening inspect element. but it didn’t work too.

but I tried source-code:1337mickey.github.io and it worked hurray!

I could see the source code now. but, it was encoded lol.

so I now noticed hint 1 and it seems like base64 which was then decoded. and its decoded form was: https://www.html-code-generator.com

so I went to that site and decoded that encoding. but lol, it broke me again

because it said you worked hard for nothing:

I was so happy that finally I was near to solve it but it says you worked hard for nothing. but I noticed and scrolled down and saw a comment which was just helpful to me.

it said to me that who knows if hehe.txt on another repo had a clue. so I went to that site now.

it said it was a joke lol. but noticed it said the word flag itself is the answer. so I simply tried. sushilphuyal.github.io/flag

but it said I'm losing my way. but I thought to see the code. but it gave me something called hacker123.

it gave me a site then I knew that it was about zero-width characters. and I thought it's easy and copied each word and tried decoding its zero-width from the given site. but it had no zero width.

but I thought of hehe.txt because it said the flag itself is a forward path. so I thought it might have zero width, and boom it worked. and I got a different URL to go.

now I thought I was near to solve it. then opened the picture and downloaded a picture of mickey mouse. I tried EXIF data but it had no juicy information on metadata. but I remembered about steganography and used steghide. and boom it had a zip file inside that picture. while extracting it asked passphrase and I thought it was hacker123 as we got it before. but it gave an error. 😞 but when tried empty pass boom it got extracted. so I got the zip now. so I tried opening it and it asked password. Now I was sure to use hacker123. and boom the flag.txt had the flag. It made my day.

if you have some suggestions please do suggest on contacts:

Facebook

Twitter

--

--

sushil phuyal
sushil phuyal

Written by sushil phuyal

a weird guy who loves everything between security and internet

No responses yet