This is a walkthrough of InfoSec Institute’s CTF challenge, Level 12.
As I mentioned in some of the other walkthroughs, the first step is to look through the source code for anything that’s out of place. After that, I typically evaluate the headers and other responses (with Chrome’s developer tools) and proceed from there. Anything that the site loads will be revealed in the “Network” tab, so it’s a pretty good source of information that’s always available.
In this level, the file “design.css” was out of place. Viewing the contents showed an invalid CSS statement:
In CSS, colors are typically specified with their hexadecimal value. (There are a couple of other acceptable formats, but that’s irrelevant for now.)
Load that string into a Python interpreter, and use the built-in “decode” function. Pretty intuitive, yeah?
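The same check as a script, added here as an example and not part of the original walkthrough: it scans a stylesheet for `#` hex values that are the wrong length to be a color and decodes them as ASCII. The stylesheet and the hidden value are constructed for illustration, and `find_hidden_hex` is a hypothetical helper name. It uses `bytes.fromhex`, the Python 3 equivalent of Python 2's `"...".decode("hex")`.

```python
import re

# Valid CSS hex colors have 3, 4, 6 or 8 hex digits after the '#'.
VALID_LENGTHS = {3, 4, 6, 8}
HEX_TOKEN = re.compile(r"#([0-9a-fA-F]+)\b")

# Constructed sample stylesheet. The long value is hex for a made-up string,
# not the value from the challenge.
SAMPLE_CSS = """
body { background: #ffffff; }
a { color: #09c; }
.banner { color: #6578616d706c655f666c6167; }
"""


def find_hidden_hex(css):
    """Return (hex_digits, decoded_text) for hex values that cannot be colors.

    decoded_text is None when the digits do not decode to printable ASCII.
    """
    findings = []
    for match in HEX_TOKEN.finditer(css):
        digits = match.group(1)
        if len(digits) in VALID_LENGTHS:
            continue  # ordinary color, nothing to report
        if len(digits) % 2:
            findings.append((digits, None))  # odd length: not whole bytes
            continue
        raw = bytes.fromhex(digits)
        try:
            text = raw.decode("ascii")
        except UnicodeDecodeError:
            text = None
        if text is not None and not text.isprintable():
            text = None
        findings.append((digits, text))
    return findings


if __name__ == "__main__":
    for digits, text in find_hidden_hex(SAMPLE_CSS):
        print(digits, "->", text)
```

A hidden value that happens to be exactly 3 or 4 bytes long would pass the length check as a 6- or 8-digit color, so this only flags values that are obviously out of place.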