
Hidden Figures


Last updated 1 year ago

Description

Author: @JohnHammond#6971

Look at this fan page I made for the Hidden Figures movie and website! Not everything is what it seems!

Solution

On visiting the site, I can quickly identify that this is a static web page. Viewing the source code of the page reveals that most of the resources on the page are fetched from /assets. Checking that endpoint, we got:

It's interesting that most of the JS files are loaded from here, but none of the images on the page are loaded from this directory. Instead, they were base64-encoded.

All the images, once base64-decoded, are valid images, but the 3rd one has another image embedded inside it:

Extracting that file using binwalk --dd=".*" file3.png (I cannot use the normal -e flag, somehow), we got the flag as an image:

I can use Tesseract to quickly retrieve the flag in text format:
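
The decode-and-inspect steps above (inline base64 images, one of which carries a second file after its end), as an added Python example that is not part of the original write-up. It assumes the embedded file is simply appended after the PNG's IEND chunk; the function names and the sample page are constructed for illustration.

```python
import base64
import re
import struct
import zlib

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
DATA_URI = re.compile(r"data:image/png;base64,([A-Za-z0-9+/=]+)")

def png_end(data):
    """Return the offset just past the IEND chunk of the PNG at the start of data."""
    if not data.startswith(PNG_MAGIC):
        raise ValueError("not a PNG")
    pos = len(PNG_MAGIC)
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        pos += 12 + length  # 4-byte length + 4-byte type + payload + 4-byte CRC
        if ctype == b"IEND":
            return pos
    raise ValueError("truncated PNG: no IEND chunk")

def find_appended(html):
    """Decode every inline PNG and return {image index: bytes found after IEND}."""
    found = {}
    for index, match in enumerate(DATA_URI.finditer(html), start=1):
        raw = base64.b64decode(match.group(1))
        trailer = raw[png_end(raw):]
        if trailer:
            found[index] = trailer
    return found

def make_png(colour):
    """Build a minimal 1x1 RGB PNG (constructed sample data)."""
    def chunk(ctype, body):
        return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", zlib.crc32(ctype + body))
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0)
    idat = zlib.compress(b"\x00" + bytes(colour))
    return PNG_MAGIC + chunk(b"IHDR", ihdr) + chunk(b"IDAT", idat) + chunk(b"IEND", b"")

def sample_page():
    """Constructed stand-in page: three inline PNGs, the third with a second PNG appended."""
    blobs = [make_png((255, 0, 0)), make_png((0, 255, 0)), make_png((0, 0, 255)) + make_png((9, 9, 9))]
    return "".join('<img src="data:image/png;base64,%s">' % base64.b64encode(b).decode() for b in blobs)

if __name__ == "__main__":
    for index, trailer in find_appended(sample_page()).items():
        print("image %d: %d extra bytes, PNG=%s" % (index, len(trailer), trailer.startswith(PNG_MAGIC)))
```

Walking the chunk list to IEND only catches data appended after the image; a payload hidden inside a chunk or in pixel data needs a signature scan such as binwalk's.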