capture the flag, hacking, web application security

InfoSec Institute Capture The Flag #2

Another day, another challenge.

Today’s challenge will be on the second ctf challenge from the InfoSec Institute.

Below is the screen listed HERE when accessing the link:

infosec_2

Doing a right click view page source and scrolling down we see the following:

infosec_2_pagesource

We see a img src that points to a leveltwo.jpeg. Clicking the file we get the following:

infosec_2_imgsrc

Going to the space bar and add the “view-source:” to the beginning of the address bar we get the following:

infosec_2_flag

We got the flag!

Lesson learned:

Once again do the right click page source. In the beginning it didn’t reveal too much except that there was an image. Clicking on said image we’re brought to a page with a non-rendered image. Viewing the source of that image we see the flag. This is security through obscurity which never works.