RSS
 

HACKvent 2016: Day 1


05 Dec 2016
CTF: Hackvent 2016
Link to challenge: http://hackvent.hacking-lab.com
Date Completed: 5 December 2016

Challenge

Solution

We confirm that each link does indeed lead to the same destination URL. I can notice a redirection (301 permanent) occurring with each link thanks to a nifty HTTP logging plugin I have for Chrome called Live HTTP Headers. You could also use various online services to check the redirection(s) occurring for each of the 3 links. For example, you could use: redirectcheck.com

We see the following sequences of redirection for each link:

Link 1

http://ow.ly/unCT306N19f

http://bit.do/HV16-t8Kd

https://upload.wikimedia.org/wikipedia/commons/thumb/7/7c/Intocht_van_Sinterklaas_in_Schiedam_2009_%284102602499%29_%282%29.jpg/220px-Intocht_van_Sinterklaas_in_Schiedam_2009_%284102602499%29_%282%29.jpg

Link 2

http://ow.ly/xW3h306N18f

http://bit.do/38aY-QxL5

https://upload.wikimedia.org/wikipedia/commons/thumb/7/7c/Intocht_van_Sinterklaas_in_Schiedam_2009_%284102602499%29_%282%29.jpg/220px-Intocht_van_Sinterklaas_in_Schiedam_2009_%284102602499%29_%282%29.jpg

Link 3

http://ow.ly/3wfc306N10K

http://bit.do/bn4K-c6Lw

https://upload.wikimedia.org/wikipedia/commons/thumb/7/7c/Intocht_van_Sinterklaas_in_Schiedam_2009_%284102602499%29_%282%29.jpg/220px-Intocht_van_Sinterklaas_in_Schiedam_2009_%284102602499%29_%282%29.jpg

We notice the string HV16 in the bit.do link for Link 1 and that there is 4 characters, then a hyphen, and then another 4 characters in the short URL for each link. This gives me the idea that the text after each bit.do link can be combined to create the nugget. We join these strings together, adding a hyphen in between each of the 3 strings, to obtain our flag!

Flag:  HV16-t8Kd-38aY-QxL5-bn4K-c6Lw

 
No Comments

Posted in Hackvent 2016

 

Leave a Reply