Unlocking the Secrets of Hacker101: Your First Capture the Flag Challenge

Chaitanya Raj

Hey there, tech adventurers! Welcome to my blog! Today, we're diving headfirst into the thrilling world of Capture the Flag (CTF) challenges. Whether you're a complete newbie to cybersecurity or a seasoned pro looking to sharpen your skills, this walkthrough will help you navigate a typical CTF challenge with plenty of tips and tricks along the way. Ready to roll? Let’s do this!

What is a CTF?

Capture the Flag (CTF) is like a cybersecurity treasure hunt where participants tackle various security-related tasks. These challenges can range from basic cryptography and reverse engineering to web exploitation and forensics. The main goal? To find hidden "flags" (usually strings of text) within these tasks.

What is Hacker101 CTF?

Hacker101 CTF is an awesome online platform from HackerOne, designed to help you learn and practice your hacking skills. It offers a variety of CTF challenges that mimic real-world security vulnerabilities and scenarios. It’s like a playground for aspiring ethical hackers to hone their skills in a safe and controlled environment.

And guess what? They’ve got a whole tutorial series to help you out, which you can check out here.

This first challenge is aptly named 'A Little Something to Get You Started'. The objective? Find a hidden flag on a simple webpage.

Challenge: A Little Something to Get You Started

Description: Your mission, should you choose to accept it, is to locate a hidden flag on a straightforward webpage. The URL will be generated dynamically when you begin the challenge.

Alright, let’s get cracking on this challenge and dive into the basics of web security and CTFs.

Step-by-Step Walkthrough

Step 1: Reconnaissance

  1. Visit the URL: Fire up your web browser and head over to the generated URL. The page might look like a plain Jane, but we’re here to uncover its secrets.

  2. View Page Source:

    • Right-click on the webpage and select "View Page Source" or use the keyboard shortcut Ctrl+U (on Linux/Windows) or Cmd+U (on Mac).

    • This will show you the HTML code of the page. Look for any hidden comments or scripts that might contain clues or the flag itself.


    <!doctype html>
    <html>
        <head>
            <style>
                body {
                    background-image: url("background.png");
                }
            </style>
        </head>
        <body>
            <p>Welcome to level 0.  Enjoy your stay.</p>
        </body>
    </html>

Hmm, it seems this webpage is loading a background image, but as we can see, the background is as barren as Vin Diesel’s scalp. How very curious!

Step 2: Check Linked Files

  1. Look for Files:

    • Based on the styles in the HTML source, there's a mention of a background.png file.

  2. Navigate to the Linked File:

Step 3: Retrieve the Flag

  1. Find the Flag on the page:

     ^FLAG^[REDACTED]$FLAG$

Now we have the flag in our grasp. Let's move on to submitting the flag.

Step 4: Submit the Flag

  1. Submit the Flag:

    • Go back to the Hacker101 CTF platform.

    • Navigate to the flag submission page.

    • Enter the flag in the submission field.

If the flag is correct, you will see a confirmation message, and points will be awarded to your account.
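
Steps 1 and 2 come down to reading the page source and listing every file it references. The Python sketch below is an added example, not part of the original walkthrough or the Hacker101 platform: it performs that same review on a page's HTML, which is also a quick way to see what your own pages disclose in their source. The names `SourceAudit` and `audit` are hypothetical, and `BASE` is a constructed placeholder because the real challenge URL is generated dynamically.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin

CSS_URL = re.compile(r"""url\(\s*['"]?([^'")]+?)['"]?\s*\)""", re.I)  # CSS url(...)
URL_ATTRS = {"src", "href", "action", "poster", "data"}

class SourceAudit(HTMLParser):
    """Collect every URL a page's source references, plus its HTML comments."""
    def __init__(self, base_url):
        super().__init__()
        self.base_url, self.in_style = base_url, False
        self.resources, self.comments = [], []

    def add(self, refs):
        for ref in refs:
            url = urljoin(self.base_url, ref.strip())   # resolve relative paths
            if url not in self.resources:
                self.resources.append(url)

    def handle_starttag(self, tag, attrs):
        self.in_style = (tag == "style")
        for name, value in attrs:
            if value and name in URL_ATTRS:
                self.add([value])
            elif value and name == "style":             # inline style="...url(...)"
                self.add(CSS_URL.findall(value))

    def handle_endtag(self, tag):
        self.in_style = False

    def handle_data(self, data):
        if self.in_style:                               # body of a <style> block
            self.add(CSS_URL.findall(data))

    def handle_comment(self, data):
        self.comments.append(data.strip())

def audit(html, base_url):
    parser = SourceAudit(base_url)
    parser.feed(html)
    parser.close()
    return parser.resources, parser.comments

# The level 0 source shown in Step 1; BASE is a constructed placeholder URL.
BASE = "https://ctf.example/level0/"
PAGE = """<!doctype html><html><head><style>
body { background-image: url("background.png"); }
</style></head><body><p>Welcome to level 0.  Enjoy your stay.</p></body></html>"""
```

Calling `audit(PAGE, BASE)` returns the single referenced file, `background.png`, resolved against the base URL, along with an empty comment list.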

Additional Tips

  • Pay Attention to Details: Sometimes, the smallest detail in the source code or the challenge description can point you in the right direction.

  • Practice Regularly: The more challenges you complete, the more familiar you will become with common patterns and techniques used in CTFs.

Conclusion

Congratulations on completing your first challenge! "A Little Something to Get You Started" is just the beginning. As you progress, the challenges will become more complex and require more advanced techniques. Keep practicing, stay curious, and enjoy the journey of becoming a proficient ethical hacker. Happy hacking!
