Solves (at time of writing): 340
Description: Check out the new Flag Finder service! We will find the flag for you!
We start out with a link to a website.
Clicking on it we go to the "Flag Finder"
If we click the "Find The Flag" button, we get lots of redirects until we get to a "Sorry" webpage:
I tried it a few times but got the same page every time, so I wanted to take a closer look at the redirects.
We can do that with
burpsuite, it logs everything that happens between you an the server (in a more readable way than wireshark).
We can see that the MIME-Type isnt really consistent, sometimes it doesnt send websites but rather data.
Lets take a look at the data that's being sent.
So we can see the different parts of the flag here in burp.
Me being too lazy to write a script for such a trivial task just went through the requests and pieced the flag together (they were in the right order so that made it easier)
Until I ended up with
~sw1tchbl4d3, 31/07/2020 (dd/mm/yyyy)