DerbyConCTF Flags: SourceCodeTheft

November 17, 2014

SourceCodeTheft was the next-to-last flag I found.  It was worth 100 points.  Here’s how I found it:

Still working on the 10.10.146.187 host, which had yielded previous flags, I had discovered this additional page on the website: http://10.10.146.187/pmc.aspx

I honestly don’t recall how I had found this page but I suspect an earlier wget to mirror the entire website pulled the file down and I saw it on my local folder and decided to visit it.  It’s a simple website with a single text box for input:

Screenshot from 2014-09-27 17_47_04

Typing anything into the field (“whatever”, for instance) yields a flag hidden in the error output:

Screenshot from 2014-09-27 17_47_23

I wonder if there was more here that could have been gleaned from the error output.  If there is, I didn’t catch it.  I was able to pull one more flag off this website before hanging my hat.  If I’m right about any leads in this error output, please let me know.  I’d like to hear it.

Aaron Melton
