wtfCTF 2022— web challenge [1–4] WalkThrough


In this I am going to share my writeup of wtfCTF first four web challenges .

Web challenge -1 | Disallowed

First page of website look quite odd . So I checked the source code.

007.html webpage is disallowed in ‘robots.txt’ .

After viewing the source code we can see our first flag in clear text.

challenge-2 | notebook

It is really easy challenge . Just view source of the website find ‘wtfCTF’ and you will get the flag.

challenge -3 | Investigating the client

After viewing source of this website you can find some kind of hint in JavaScript .

Sort the code out we can easily identify the pattern . 0–4 ,4–8 ,8–12, …

now use GREP and CUT magic to cut code out and save it.

It is a base64 encoding ,after decode it we can see the flag in clear text.

challenge-4 | 2 many Quotes

This challenge will take us to a website . Since it a github website we can easily see the source code. In 2.1.html it is hinted the flag is related to ‘Humility’ and in 2.2.html under Humility the answer is written. Cover your answer in wtfCTF{} and submit your flag.

Thank you hope you like my writeup .




eJPT | eCPPT | DarkArmy CTF Player

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

How I learnt to love and hate Terraform in the past few weeks

AXL NFT Collection

Microservices, from hope to nope

AI learns to fly (Part 1) | Airplane simulation and Reinforcement Learning

Azure — Windows Update Management for on-premises VMware VMs with snapshots

Teammate Tuesday: Sean Zhang

‘Functional’ Swift #1: Looking for Patterns

TDD is about making evolution explicit

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store


eJPT | eCPPT | DarkArmy CTF Player

More from Medium

Journey to the first 2 CVEs

Exploiting CVE-2019–5418- File Content Disclosure on Rails

What is OSI Model? How do I make use of it?

NodeJS Deserialization Challenge created for YASCON-21