Hidden Figures

Description

Author: @JohnHammond#6971

Look at this fan page I made for the Hidden Figures movie and website! Not everything is what it seems!

Solution

On visiting the site, I can quickly identify that this is a static web page. Viewing the source code of the page reveals that most of the resources on the page are fetched from /assets. Checking that endpoint, we got:

It's interesting that most of the JS files are loaded from here, but none of the images on the page are loaded from this directory. Instead, they were base64-encoded.

After base64-decoding, every image is a valid image, but the 3rd one has another image embedded inside it:

Extracting that file using binwalk --dd=".*" file3.png (I could not use the normal -e flag, for some reason), we got the flag as an image:

I can use Tesseract to quickly retrieve the flag in text format:
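The decode-and-carve step from earlier in this write-up (base64 images in the page source, with a second image inside the third) can also be done without binwalk. The following is an added example, not code from the original write-up: it assumes both the outer and the embedded image are PNGs, and the function names and the sample page are constructed for illustration.

```python
import base64, re, struct, zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
DATA_URI = re.compile(r"data:image/[\w.+-]+;base64,([A-Za-z0-9+/=]+)")

def png_end(data, start):
    """Walk the chunks of the PNG at `start`; return the offset just past IEND, or None."""
    pos = start + len(PNG_SIG)
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        pos += 12 + length                      # length + type + data + CRC
        if pos > len(data):
            return None                         # chunk runs past the buffer: truncated
        if ctype == b"IEND":
            return pos
    return None

def carve_pngs(data):
    """Return every complete PNG whose signature occurs anywhere in `data`."""
    found, pos = [], data.find(PNG_SIG)
    while pos != -1:
        end = png_end(data, pos)
        if end is not None:
            found.append(data[pos:end])
        pos = data.find(PNG_SIG, pos + 1)       # keep scanning past the first IEND
    return found

def scan_html(html):
    """Decode each base64 image in the page; map its 1-based position to the PNGs in it."""
    return {i: carve_pngs(base64.b64decode(m.group(1)))
            for i, m in enumerate(DATA_URI.finditer(html), 1)}

def _chunk(ctype, body):                        # helper for the constructed sample only
    crc = struct.pack(">I", zlib.crc32(ctype + body))
    return struct.pack(">I", len(body)) + ctype + body + crc

def make_png(gray):                             # constructed 1x1 grayscale PNG
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    idat = zlib.compress(bytes([0, gray]))      # filter byte + one pixel
    return PNG_SIG + _chunk(b"IHDR", ihdr) + _chunk(b"IDAT", idat) + _chunk(b"IEND", b"")

# Constructed sample page: three inline images, the third with a second PNG appended.
blobs = [make_png(10), make_png(20), make_png(30) + make_png(200)]
SAMPLE_HTML = "".join(
    f'<img src="data:image/png;base64,{base64.b64encode(b).decode()}">' for b in blobs)

if __name__ == "__main__":
    for idx, pngs in scan_html(SAMPLE_HTML).items():
        print(f"image {idx}: {len(pngs)} PNG(s)", "<- embedded data" if len(pngs) > 1 else "")
```

Any image that yields more than one PNG carries extra data worth writing to disk and inspecting.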
