InfoSec Institute – CTF Level 12

This is a walkthrough of InfoSec Institute’s CTF challenge, Level 12.

As I mentioned in some of the other walkthroughs, the first step is to look through the source code for anything that’s out of place. After that, I typically evaluate the headers and other responses (with Chrome’s developer tools) and proceed from there. Anything that the site loads will be revealed in the “Network” tab, so it’s a pretty good source of information that’s always available.

In this level, the file “design.css” was out of place. Viewing the contents showed an invalid CSS statement:

This is not a color

In CSS, colors are typically specified with their hexidecimal value. (There are a couple of other acceptable formats, but that’s irrelevant for now)

Load that string into a Python interpreter, and use the built-in “decode” function. Pretty intuitive, yeah?

The flag also states the obvious.

InfoSec Institute – CTF Level 12

Leave a Reply