Google Capture the Flag

Ernst Echidna (50 points)

Problem: Can you hack this website? The robots.txt sure looks interesting.

Writeup: We first visit the website.

The problem says to go to the robots.txt.

We can see that it has blocked the path /admin from search bots. Naturally we go to visit this path and see a message along the lines of You are not logged in. We then head back to the home page and register for an account.

Upon making the account, we are greeted by the following message:

We're not interested in this message since it provides nothing of use to us. We then click inspect to look at the cookies.

We find an interesting one, md5-hash, which decrypts to d. If we now visit the admin page, it'll show the following message.

However, if we set the cookie (I use modHeader for this) to the md5 hash value for admin ( 21232f297a57a5a743894a0e4a801fc3) we get the following page.

There's your flag.

A Cute Stegosaurus (100 points)

I did not complete this challenge, but I tried anyway.

After downloading the file, I ran strings on it to get textual input. After examining it I saw a GET request to message.png. Opening up Wireshark and making it export http objects gets you the picture of the stego. I have yet to find a program that can find the hidden flag in the picture :(.