Capturing your first flag in Hacker101’s CTF
Solving Hacker101’s “A little something to get you started”
Along with documenting my solutions and progress in PortSwigger Academy, I’ve decided to go back and document the flags I’ve captured in Hacker101’s CTF. Below is my solution to the first challenge: “A little something to get you started”.
The difficulty here is “Trivial”, and it was a pretty simple puzzle to solve. If you have not found the flag yourself, do not let that discourage you. As a dyslexic with ADHD, I can tell you wholeheartedly that everyone’s learning journey is different, so walk tall!
<1> The page:
The frontend is very plain and just features two sentences, and the backend does not betray this simplicity. We view the source and find this:
I’ll be honest in that I felt a little nostalgic seeing this source code. It reminded me of when I first learned to make webpages, back when I was fourteen. Just good ol’ pure HTML! Notice anything that did not appear on the frontend? The page refers to “background.png”. Curious. Why don’t we try and find it?
<2> The Solution to “A little something to get you started”:
Let’s head on up to our page’s URL and see if we can access that image. We’ll just append background.png to the URL, ctf.hacker101r.com/, so that it becomes ctf.hacker101r.com/background.png. Hit Enter (or Return) and…
We solved “A little something to get you started” and got our first flag! Now we just need to head over to the submit flag section and claim our points.
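The view-source step above, as an added example (not part of the original post and not Hacker101's code): a small Python script that lists every file a page's markup refers to, including CSS `url()` references that never show up as visible content. The sample HTML and the `ctf.example` base URL are constructed placeholders, since the challenge's actual source is not reproduced here.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin

# url(...) references inside CSS, quoted or unquoted
CSS_URL = re.compile(r"url\(\s*['\"]?([^'\")]+?)['\"]?\s*\)", re.IGNORECASE)
# Attributes whose value names another resource
URL_ATTRS = {"src", "href", "background", "poster", "data"}

# Constructed sample: two visible sentences, one reference hidden in CSS
SAMPLE_HTML = """<html><head><style>
  body { background-image: url("background.png"); }
</style></head>
<body><p>First sentence.</p><p>Second sentence.</p></body></html>"""


class ReferenceCollector(HTMLParser):
    """Collects (absolute URL, where it was referenced) pairs."""

    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.found = []
        self._in_style = False

    def _add(self, ref, origin):
        ref = ref.strip()
        # Skip inline data, script pseudo-URLs and same-page anchors
        if ref and not ref.startswith(("data:", "javascript:", "#")):
            self.found.append((urljoin(self.base_url, ref), origin))

    def handle_starttag(self, tag, attrs):
        self._in_style = self._in_style or tag == "style"
        for name, value in attrs:
            if value and name in URL_ATTRS:
                self._add(value, f"<{tag} {name}>")
            elif value and name == "style":
                for ref in CSS_URL.findall(value):
                    self._add(ref, f"<{tag} style>")

    def handle_endtag(self, tag):
        if tag == "style":
            self._in_style = False

    def handle_data(self, data):
        if self._in_style:  # text inside a <style> block is CSS
            for ref in CSS_URL.findall(data):
                self._add(ref, "<style> block")


def referenced_resources(html, base_url):
    collector = ReferenceCollector(base_url)
    collector.feed(html)
    collector.close()
    return collector.found
```

Run against your own pages, `referenced_resources(html, base_url)` gives a quick inventory of what a visitor can learn to request just by reading the source.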
Notes
Though Hacker101 has listed this as “Trivial”, it still comes with an important lesson: the flags could be anywhere. Originally when I did this I did not find it immediately, as the solution seemed too obvious. This CTF teaches you how to hack! I thought to myself. Certainly a hacker would have to do more than find an image! After a couple of minutes I figured it out and rolled my eyes at myself. Be curious, don’t assume anything, and leave nothing unturned.
It will be fun to return to the other CTF challenges and document the flags I’ve got. I do not remember all of my solutions, so it will be interesting to see if I go about it the same way.
Filed under: Capture the flag,Pentesting - @ December 22, 2023 10:22 pm