capture the flag, hacking, web application security

InfoSec Institute CTF Challenge #4

Another day, another challenge…

Today’s challenge is #4 from the InfoSec Institute CTF challenge.

Going to the following link we see the following:


Doing a right click view page source we see the following:


Looking at the page we see the following hint – “Hypertext Transmission Protocol”

Pressing F12 to view the developer tools and going to the “Network” tab we see the following:


Inside the set-cookie we see “fusrodah=vasbfrp_syntvf_jrybirpbbxvrf”. This is interesting…

Doing a quick Google search and putting in the second half of our value we get the following link for ROT-13.

ROT-13 is a rotation 13 cipher. This cipher rotates each character by 13 characters.

Using the following site, and putting in our value we get:


We retrieved the flag.

Lessons learned:

Use the hints provided. We our trust right click, view page source, but that didn’t help us. Going back to the page we noticed that the hint was HTTP. Using the development tools inside Chrome and going to the network tab we saw the files retrieved when accessing the site.

Clicking on the page, and viewing the headers we noticed that the cookie was being set. Using this information inside Google we were able to decode the message.