PicoCTF 2022 Writeups

This website contains Jackwin Hui's writeups for the 2022 PicoCTF competition.

PicoCTF2022 - Roboto Sans

Description

The flag is somewhere on this web application not necessarily on the website. Find it. Check this out.

Information

Point Value: 200 points

Category: Web Exploitation

Hints

(None)

Solution

We note that the name of the CTF challenge is Roboto Sans, which refers to a font type developed by Google. Knowing this, we may want to look for a text font file that may contain the flag. Similar to the Search Source challenge, we mirror the website and then search for any reference to a flag using grep -r -F "flag" . (recursive, fixed-string match). This returns three instances in which flag is found, with the third one, which refers to the robots.txt file, being the most interesting.

jackwin@COMPUTER saturn.picoctf.net:64271 % grep -r -F "flag" .
./index.html: end six_box The flag is not here but keep digging :)-- >
./index.html: var image = 'images/maps-and-flags.png';
./robots.txt:Think you have seen your flag or want to keep looking.
Reading the txt file, we see three lines of seemingly random text sitting between the two Disallow rules:

User-agent *
Disallow: /cgi-bin/
Think you have seen your flag or want to keep looking.

ZmxhZzEudHh0;anMvbXlmaW
anMvbXlmaWxlLnR4dA==
svssshjweuiwl;oiho.bsvdaslejg
Disallow: /wp-admin/
We notice that the second line of text has two equal signs at the end, which typically indicates base64 encoding, where equal signs are used as padding. We use the base64 decoder in the terminal to check each line.

jackwin@COMPUTER ~ % echo -n 'ZmxhZzEudHh0;anMvbXlmaW' | base64 --decode
jackwin@COMPUTER ~ % echo -n 'anMvbXlmaWxlLnR4dA==' | base64 --decode
js/myfile.txt%
jackwin@COMPUTER ~ % echo -n 'svssshjweuiwl;oiho.bsvdaslejg' | base64 --decode

Only the second line returns an output, with the % at the end indicating that there is no newline at the end of it. We see that it is a file path, and navigating to the txt file gives us the flag.
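As an added example (not part of the original writeup), the following Python script automates the by-hand check above: it scans every non-directive line of a robots.txt for base64 tokens, splitting on characters outside the base64 alphabet, and accepts only tokens whose length and padding are valid and that decode to printable text. Because it splits on the semicolon, it also recovers the fragment before the ';' on the first stray line, which the whole-line decode above rejected. The robots.txt content is embedded inline, copied from the one quoted above.

```python
import base64
import binascii
import re
import string

# Constructed sample: the robots.txt quoted in the writeup, embedded so the script runs offline.
ROBOTS_TXT = """User-agent *
Disallow: /cgi-bin/
Think you have seen your flag or want to keep looking.

ZmxhZzEudHh0;anMvbXlmaW
anMvbXlmaWxlLnR4dA==
svssshjweuiwl;oiho.bsvdaslejg
Disallow: /wp-admin/
"""

# A run of base64 alphabet characters, optionally followed by up to two '=' padding chars.
B64_TOKEN = re.compile(r"[A-Za-z0-9+/]+={0,2}")
PRINTABLE = set(string.printable) - set("\x0b\x0c")


def strict_b64_decode(token):
    """Return the decoded text if token is well-formed base64 (length a multiple of 4,
    valid alphabet and padding) and decodes to printable ASCII; otherwise None."""
    if len(token) % 4 != 0:
        return None
    try:
        raw = base64.b64decode(token, validate=True)
    except (binascii.Error, ValueError):
        return None
    try:
        text = raw.decode("ascii")
    except UnicodeDecodeError:
        return None
    if not text or not all(c in PRINTABLE for c in text):
        return None
    return text


def find_encoded_paths(robots_text):
    """Return (line_number, token, decoded) for each base64 token on a stray
    (non-directive, non-blank) line that decodes cleanly."""
    hits = []
    for lineno, line in enumerate(robots_text.splitlines(), 1):
        if not line.strip() or line.startswith(("User-agent", "Disallow", "Allow", "Sitemap")):
            continue  # ordinary robots.txt directives are expected; only inspect stray lines
        for m in B64_TOKEN.finditer(line):
            decoded = strict_b64_decode(m.group(0))
            if decoded is not None:
                hits.append((lineno, m.group(0), decoded))
    return hits


if __name__ == "__main__":
    for lineno, token, decoded in find_encoded_paths(ROBOTS_TXT):
        print(f"line {lineno}: {token} -> {decoded}")
```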

Flag

picoCTF{Who_D03sN7_L1k5_90B0T5_032f1c2b}