DEADFACE talks about having a potential buyer for the database leak on Ghost Town. Figure out where they're keeping the wallet info for cryptocurrency transactions. Submit the flag as: flag{flag-goes-here}.


While searching around the various thread on Ghost Town we found one titled, Potential Buyer in the Works:

Further down in the thread the user d34th provides a clue on the meaning of the random looking string he posted:

With the "secret ingredient" being "onion" we launched Tor Browser and accessed fkdgcbd7ctdqde5dhysmdgefrjs6ip2zjgiycx5vsdvtpdspmkhi5hid.onion.

The website was a simple demo page for a theme and we spent some time reviewing the various HTML, CSS and JavaScript files as well as looking for viewable directories. We found interesting code in the JavaScript file, /js/haetg75d54a.js.

function grab() {
    .then(response => response.text())
    .then(data => {

JavaScript's btoa() method creates a Base64-encoded ASCII string from a binary string, which means the code has a bug. The atob() method should be called to Base64 decode the string to,

Accessing the PasteBin URL reveals the flag:

flag = 'flag{Ogr3s_r_lik3_On1onS}'



Leave a comment