BCACTF 5.0 | Sea Scavenger

Published on: February 5, 2025

3 min read · Posted by Baba is Dead

Challenge Details

Category: Uncategorized
Difficulty: Easy
Competition: BCACTF 5.0
Author: Baba is Dead

Description

Take a tour of the deep sea! Explore the depths of webpage secrets and find the hidden treasure. Pro tip: Zoom out!

Writeup

Solve Process

This challenge is a simple inspect-element challenge. We are greeted with a landing page.

Following the pro tip, we zoom out to see a bunch of sea creatures we can click on.

Alternatively, you can inspect element to figure out which pages to go to:

<a href="/shark">...</a>
<a href="/squid">...</a>
<a href="/clam">...</a>
<a href="/shipwreck">...</a>
<a href="/whale">...</a>
<a href="/treasure">...</a>

Each of these endpoints brings us to a different page where a different part of the flag is hidden, with hints on where to find it. I will just briefly outline the solution to each one.

/shark

Inspect element and look at the HTML:

<div class="notFlagPartTrust">
  <!-- You found the shark! Part 1 of the flag: "bcactf{b3}" -->
</div>

/squid

Inspect element and look at the JavaScript being loaded, or open the console:

You found it! Here's the second part of the flag: "t_y0u_d1"

/clam

We are given a hint in the console:

Hint: how do websites remember you? Where do websites store things?

Websites store things in a few places:

  1. Databases - On the Server
  2. Cookies - Locally
  3. Local/Session Storage - Locally

We can check these places by going to Inspect => Application. Checking the cookies as well as local and session storage, we find part 3 of the flag in the cookies.

/shipwreck

We are given a hint in the console. To check the response headers, we go to the Network tab of our inspector. There we can take a look at the response headers to find the 4th part of the flag.

/whale

No direct hints are given here, so we take a look at the JavaScript. You can do this via the Network tab by double-clicking whale.js, or simply find it under the Sources tab.

// Part 5 of the flag: "e4sur3"

/treasure

The hint given here is shown in a screenshot (image11).

robots.txt is a special file that tells search engine crawlers which URLs they can access on your site. It might house hidden endpoints, but some CTFs just store the flag there. So, we navigate to /treasure/robots.txt to see its contents.

The final flag is bcactf{b3t_y0u_d1dnt_f1nd_th3_tre4sur3_t336e3}
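
Every hiding place in this writeup (HTML comments, script comments and console output, cookies, response headers, robots.txt) is delivered to any visitor. As an added example that is not part of the original writeup or the challenge's code, this script audits a captured response for data left in those places; the function name, keyword list, routine-header list and sample response are assumptions constructed for illustration.

```javascript
// Added example, not code from the challenge. Sample data is constructed.
const HINT = /flag|secret|token|passw|api[_-]?key/i;
// Headers treated as routine here (an assumption); any other header is reported.
const ROUTINE = new Set(["content-type", "content-length", "date", "server", "set-cookie"]);
function auditClientVisible({ headers = {}, html = "", scripts = {}, robots = "" }) {
  const findings = [];
  const add = (where, detail) => findings.push({ where, detail: detail.trim() });
  // HTML comments are sent verbatim to every visitor.
  for (const m of html.matchAll(/<!--([\s\S]*?)-->/g))
    if (HINT.test(m[1])) add("html-comment", m[1]);
  for (const [name, src] of Object.entries(scripts)) {
    // Line and block comments ship with the script unless a build step strips them.
    for (const m of src.matchAll(/\/\/(.*)$|\/\*([\s\S]*?)\*\//gm)) {
      const text = m[1] ?? m[2];
      if (HINT.test(text)) add(`js-comment:${name}`, text);
    }
    // String literals passed to console.* appear in the devtools console.
    for (const m of src.matchAll(/console\.\w+\((["'`])(.*?)\1/g))
      if (HINT.test(m[2])) add(`js-console:${name}`, m[2]);
  }
  for (const [rawName, value] of Object.entries(headers)) {
    const name = rawName.toLowerCase();
    if (name === "set-cookie") {
      // Cookie names and values are readable in the Application tab.
      for (const cookie of [].concat(value)) {
        const pair = cookie.split(";")[0];
        if (HINT.test(pair)) add("cookie", pair);
      }
    } else if (!ROUTINE.has(name)) {
      add("custom-header", `${rawName}: ${value}`);
    }
  }
  // robots.txt is public: Disallow lines advertise paths, and comments are readable.
  for (const line of robots.split(/\r?\n/)) {
    const m = line.match(/^\s*Disallow:\s*(\S+)/i);
    if (m) add("robots-disallow", m[1]);
    else if (line.trim().startsWith("#") && HINT.test(line)) add("robots-comment", line);
  }
  return findings;
}
// Constructed sample response; placeholder values, not the challenge's data.
const sample = {
  headers: { "Content-Type": "text/html", "X-Flag-Part": "EXAMPLE4",
    "Set-Cookie": ["theme=dark; Path=/", "flag_part=EXAMPLE3; Path=/"] },
  html: '<div><!-- Part of the flag: "EXAMPLE1" --></div><!-- layout wrapper -->',
  scripts: { "whale.js": '// flag part: "EXAMPLE5"\nconsole.log("part two of the flag: EXAMPLE2");' },
  robots: "User-agent: *\nDisallow: /internal-report\n# flag: EXAMPLE6",
};
console.log(auditClientVisible(sample));
```

Run against your own site's responses before release, anything it reports is something a visitor can read without authentication.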
