We were given a blank page.
But if we look at http headers, we can see that we have masked flag in them.
All that we need – find masked characters of flag.
Author: Alexey Kaminsky
NotSoSecure CTF 2014
We have got link to the login page. There is an interesting comment in the page source.
<!--H4sIAAAAAAAAAAsyTs80LTEu0ssoyc0BACMzGYUNAAAA-->
It looks like a base64 encoded data. Let’s decode it.
Continue reading
PlaidCTF Quals 2014 web-200: kpop
Sometimes, the Plague leaves some of his old stuff up and running. We found a K-Pop lyrics website the Plague wrote back when he was learning to program. It was open-source, too! We believe there might be something important in /home/flag/flag. Could you get it for us?
PlaidCTF Quals 2014 misc-10: Heartbleed
Back up now! Hopefully for good.
Our hearts are bleeding. But instead of bleeding password bytes, they’re bleeding flags. Please recover our flags so we don’t bleed to death before we can update to 1.0.1-g. Site is up at https://54.82.147.138:45373
PlaidCTF Quals 2014 web-300: WhatsCat
The Plague is using his tremendous talent for web applications to build social websites that will get bought out for billions of dollars. If you can stop his climb to power now by showing how insecure this site really is, (on IPv6 at 2001:470:8:f7d::1) maybe we will be able to stop his future reign of terror. Here‘s some of his source.