IceCTF - 30 - Move Along - Web

Thursday 25 August 2016 (2016-08-25)

Saturday 14 September 2024 (2024-09-14)

noraj (Alexandre ZANNI)

ctf, security, web, writeups

🇬🇧

Information#

Version#

By	Version	Comment
noraj	1.0	Creation

CTF#

Name : IceCTF 2016
Website : https://icec.tf/
Type : Online
Format : Jeopardy
CTF Time : link

Description#

This site seems awfully suspicious, do you think you can figure out what they're hiding?

Solution#

Display source code CTRL + U.
The page is only including an image http://move-along.vuln.icec.tf/move_along/nothing-to-see-here.jpg.
See the move_along/ sub-folder and go in it move_along/
Nginx listing functionnality is not disabled so we can see there is a sub-folder [0f76da769d67e021518f05b552406ff6/][secretfolde] (dirb won't work).
There is a secret image secret.jpg containing the flag IceCTF{tH3_c4t_15_Ou7_oF_THe_b49}.