Solving fun CTF.
this is a walkthrough I wrote from the solver's perspective.
It was a boring day, and I thought to have some fun. so started to work on some brain-twisting stuff. So, let me solve my own CTF from normal people’s perspectives.
so, the given target was 1337mickey.github.io
so I simply opened it. And saw this:
so, my first approach will be seeing its source code. so I just did right-click. it wasn’t working. So, I being a cool boy, tried ctrl+shift+i. for opening inspect element. but it didn’t work too.
but I tried source-code:1337mickey.github.io and it worked hurray!
I could see the source code now. but, it was encoded lol.
so I now noticed hint 1 and it seems like base64 which was then decoded. and its decoded form was: https://www.html-code-generator.com
so I went to that site and decoded that encoding. but lol, it broke me again
because it said you worked hard for nothing:
I was so happy that finally I was near to solve it but it says you worked hard for nothing. but I noticed and scrolled down and saw a comment which was just helpful to me.
it said to me that who knows if hehe.txt on another repo had a clue. so I went to that site now.
it said it was a joke lol. but noticed it said the word flag itself is the answer. so I simply tried. sushilphuyal.github.io/flag
but it said I'm losing my way. but I thought to see the code. but it gave me something called hacker123.
it gave me a site then I knew that it was about zero-width characters. and I thought it's easy and copied each word and tried decoding its zero-width from the given site. but it had no zero width.
but I thought of hehe.txt because it said the flag itself is a forward path. so I thought it might have zero width, and boom it worked. and I got a different URL to go.
now I thought I was near to solve it. then opened the picture and downloaded a picture of mickey mouse. I tried EXIF data but it had no juicy information on metadata. but I remembered about steganography and used steghide. and boom it had a zip file inside that picture. while extracting it asked passphrase and I thought it was hacker123 as we got it before. but it gave an error. 😞 but when tried empty pass boom it got extracted. so I got the zip now. so I tried opening it and it asked password. Now I was sure to use hacker123. and boom the flag.txt had the flag. It made my day.