Summary: Three different individual messages are encoded within HTML via their classes and their styled visibilities.
FWO FWF
583 MISCELLANEOUS
104 SOLVES
DESCRIPTION
As part of forensic investigations into servers operated by COViD, an investigator found this web server containing a hidden secret. Help us find the contents of this secret.
Web Server
Addendum:
If you're having trouble, check your capitalization.
When visiting the page (http://yhi8bpzolrog3yw17fe0wlwrnwllnhic.alttablabs.sg:40731/), we are greeted by some gibberish:
Looking at the HTML code, it contains multiple span elements and a style tag applying visibility to certain classes:
<html>
<body>
<p style="font-size: 150;">
<span class=c>F</span> <span class=c>W</span> <span class=c>O</span> <span class=a>T</span> ...
</p>
...
<style>
.a {visibility: hidden;}
.b {visibility: hidden;}
.c {}
</style>
...
</html>
It appears that the style controls which span items are shown. The current shown class is ‘c’.
Programmatically, we can obtain the contents of the ‘a’ and ‘b’ spans like so in the Javascript console:
Array.from(document.getElementsByClassName('a')).map(v => v.textContent).join("")
"THE FLAGIS HIDDENINA FILE"
Array.from(document.getElementsByClassName('b')).map(v => v.textContent).join("")
"CSG.TXT"
Following the clues, we can derive that the path /CSG.TXT
exists on the web server. Visiting http://yhi8bpzolrog3yw17fe0wlwrnwllnhic.alttablabs.sg:40731/CSG.TXT confirms this.
$ curl http://yhi8bpzolrog3yw17fe0wlwrnwllnhic.alttablabs.sg:40731/CSG.TXT
Rmo0Y19HdTNfZkdsWTNfaTFmMW8xWTFHbAo=
Decoding the text as base64 gives us some unintelligible data:
$ echo Rmo0Y19HdTNfZkdsWTNfaTFmMW8xWTFHbAo= | base64 -d
Fj4c_Gu3_fGlY3_i1f1o1Y1Gl
Since the numbers look roughly right for the flag, only the characters should be decoded. Thus, guessing that the flag is encoded with ROT13 gives us an intelligible flag:
echo Fj4c_Gu3_fGlY3_i1f1o1Y1Gl | tr 'A-Za-z' 'N-ZA-Mn-za-m'
Sw4p_Th3_sTyL3_v1s1b1L1Ty
Flag: govtech-csg{Sw4p_Th3_sTyL3_v1s1b1L1Ty}
Leave a Comment