Are you ready to level up your cybersecurity skills? I woke up on Wednesday morning, January 11, at exactly 8:15 AM, and after prayers and some breakfast I set out on a mission to tackle a CTFlearn web challenge. As I fired up my Kali Linux machine within my Ubuntu operating system, I couldn’t help but think about the power of using a Distrobox to run multiple Linux machines. But that’s a story for another day. I was armed and ready with my terminal and Firefox-ESR, configured to accept proxied requests, and my go-to Burp Suite Pro by my side.

The challenge was to hack into a seemingly innocent blog and find the hidden flag. But little did they know, I was ready for the task at hand. As I dug into the site, I started with the basics — checking the view page source and clicking around. But nothing seemed to jump out. I even tried using JavaScript beautifying sites to make the code more readable, but still no luck. So, I turned to the hacking community for hints, and after some reading, I found a method worth reproducing.

Many desktop browsers have developer tools that help developers code effectively and debug. But did you know that, as a hacker, you can leverage these same tools to find hidden gems in the website’s memory and storage? It’s called dynamic analysis and it’s a game-changer. But I’ll save that topic for another day.

Screenshots: Chrome developer tools and Firefox developer tools.

Using the developer tools in Firefox-ESR, I inspected every container and stumbled upon an interesting one — the storage container. And there it was, the key-value pair that would lead me to the flag. “Flag” was the key, and the value was “flag{n7f_l0c4l_570r463_15n7_53cur3_570r463}”.

I couldn’t believe my eyes: I had cracked the code! The takeaway from this experience? As a cybersecurity enthusiast, curiosity should be your middle name. Playing CTFs regularly will help you develop that essential trait. But remember, the best is yet to come, so keep learning and growing — that’s the true culture of this industry.
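The flag's message is that anything a site writes to local storage is readable by whoever opens the Storage panel. As an added example (not part of the original write-up or the challenge's code), here is a small audit a developer could run over their own site's Web Storage to catch secret-looking entries before they ship; the pattern list and the `makeStorage` stand-in are assumptions made for illustration.

```javascript
// Added example: audit a Web Storage object for entries that look like secrets.
// The patterns are illustrative assumptions, not an exhaustive rule set.
const SECRET_PATTERNS = [
  { name: "ctf-flag", re: /flag\{[^}]+\}/i },
  { name: "jwt", re: /^eyJ[\w-]+\.[\w-]+\.[\w-]*$/ },
  { name: "sensitive-key-name", re: /(flag|token|secret|passw(or)?d|api[_-]?key)/i, onKey: true },
];

// Returns one finding per entry whose key or value matches a pattern.
// Works with any object exposing the Storage API: length, key(i), getItem(k).
function auditStorage(storage, label) {
  const findings = [];
  for (let i = 0; i < storage.length; i++) {
    const key = storage.key(i);
    const value = storage.getItem(key) ?? "";
    for (const p of SECRET_PATTERNS) {
      const subject = p.onKey ? key : value;
      if (p.re.test(subject)) {
        findings.push({ store: label, key, rule: p.name });
        break; // one finding per entry is enough to flag it for review
      }
    }
  }
  return findings;
}

// Hypothetical in-memory stand-in for window.localStorage so this runs under Node.
function makeStorage(entries) {
  const map = new Map(Object.entries(entries));
  return {
    get length() { return map.size; },
    key: (i) => [...map.keys()][i] ?? null,
    getItem: (k) => (map.has(k) ? map.get(k) : null),
  };
}

// Constructed sample data; the Flag entry mirrors the pair quoted in this write-up.
const sample = makeStorage({
  theme: "dark",
  Flag: "flag{n7f_l0c4l_570r463_15n7_53cur3_570r463}",
  session: "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxIn0.c2lnbmF0dXJl",
});

const report = auditStorage(sample, "localStorage");
console.log(report);
```

In a browser console the same function can be called as `auditStorage(window.localStorage, "localStorage")` and again for `window.sessionStorage`.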

Fortune Edema

Information Security Associate ISO IEC 27001 $Tech Enthusiast||Self Taught InfoSec Researcher||Penetration tester|| Bug bounty hunter#Computer Science Student