Another day, another challenge.
Today’s challenge comes from the InfoSec Institute CTF program.
Going to the following link we see the following:
Right-clicking and choosing View Page Source, we see the following:
Hmm… there’s a file titled level14 inside the misc folder. Let’s go to that file and see what’s there…
Going to the file we see the following:
Hmm… it looks like we have a SQL dump that’s showing us all the tables and values inside of a PHP application.
Scrolling down we see something that looks interesting, and strange…
Could this be some type of encoding? Possibly hexadecimal encoding?
First, we don’t need the double forward slash; we just need one. Removing the extra slashes, we get the following:
Using a Hex to ASCII converter here, we get:
We found the flag – infosec_flagis_whatsorceryisthis
Our trick still works! We were able to find valuable information when looking at the page source. Going to the file listed we noticed it was a dump of SQL tables. Looking through the tables we noticed suspicious output, which we guessed was some type of encoding. Using information we learned from a previous challenge we were able to deduce that the encoding was hexadecimal encoding. From there we were able to find the flag.
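The scan-and-decode step described above, automated as an added Python example (not part of the original write-up or the challenge). The page does not show the raw string, so the escape format (one or more slashes or backslashes, then `u` plus four hex digits or an optional `x` plus two) and the sample dump are assumptions constructed for illustration.

```python
import re

# One escaped character: doubled or single slashes/backslashes, then either
# u + 4 hex digits or an optional x + 2 hex digits (assumed format).
ESCAPE = re.compile(r"[\\/]+(?:u([0-9a-fA-F]{4})|x?([0-9a-fA-F]{2}))")
# Only report runs of at least four escapes back to back, to skip stray matches.
RUN = re.compile("(?:" + ESCAPE.pattern + "){4,}")


def decode_run(run):
    """Turn a run of hex escapes into text; extra slashes are ignored."""
    return "".join(chr(int(m.group(1) or m.group(2), 16))
                   for m in ESCAPE.finditer(run))


def find_encoded(dump_text):
    """Return (line number, decoded text) for each printable-ASCII run."""
    hits = []
    for line_no, line in enumerate(dump_text.splitlines(), 1):
        for run in RUN.finditer(line):
            text = decode_run(run.group(0))
            # Paths such as /ab/cd/ef/12 also match; they decode to
            # non-printable characters and are dropped here.
            if text.isascii() and text.isprintable():
                hits.append((line_no, text))
    return hits


def encode(text, prefix, width):
    """Helper that builds the constructed sample values below."""
    return "".join("%s%0*x" % (prefix, width, ord(c)) for c in text)


# Constructed sample dump, not the challenge's data.
SAMPLE_DUMP = "\n".join([
    "-- constructed sample dump",
    "INSERT INTO `users` VALUES (1, 'admin', 'admin@example.com');",
    "INSERT INTO `notes` VALUES (7, '" + encode("constructed_secret", "\\\\u", 4) + "');",
    "INSERT INTO `notes` VALUES (8, '" + encode("second_value", "//x", 2) + "');",
    "INSERT INTO `files` VALUES (9, '/ab/cd/ef/12');",
])

if __name__ == "__main__":
    for line_no, text in find_encoded(SAMPLE_DUMP):
        print("line %d: %s" % (line_no, text))
```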