What Lies in the Shadows

Challenge:

Based on ghosttown discussions, DEADFACE has a secret website they tell their new recruits about. Somewhere on that site is a hidden flag that we need you to grab. Submit the flag as flag{flag_text}.

Solution:

A component of the CTF’s storyline included a discussion forum named GhostTown where members of the “DEADFACE” hacking group would communicate. I performed a search on the discussion board for the word “hidden” which returned one result:

After scrolling through numerous memes in the discussion I found a reply by spookyboi that contained a link to a Paste on PasteBin. The contents of the Paste was simply, “323epprcunnvtibo6no7libdxopwcaqgorho6slmpos7fimetb4zskad”, which appeared to me to be a TOR address but missing the _.onion extension.

I launched a TOR browser with the URL and browsed to an “About Us” page for “DEADFACE”.

The challenge description mentioned the flag was “hidden” so I reviewed the page’s HTML source and linked resources like the CSS file, and ultimately a Javascript file named “deadface.js”. Viewing its source revealed the flag:

function get_flag() {
	return 'flag{w3lcome_t0_d34df4ce}';
}

Published:

Updated:

Leave a comment