“Boss told me to share my to-do list with everyone else to hold me accountable or something. He gave me an hour so I didn’t have time to check but hopefully I didn’t leave anything sensitive on there…”
Spoiler alert: this developer failed to clean up properly! Let’s see what information we can find by inspecting the site source.
Well, that was easy! First flag down just by inspecting the page’s source for comments! Time to root around for more interesting artifacts…
There’s no other information in the source, but it seems a cookie is being stored with the very-unsuspicious name “notflag”. At first glance, its contents would seem to agree:
However, it’s the best lead so far! What happens if we try mutating the value string using some basic procedures? Perhaps a tool like http://www.cyberchef.io could help.
Thank goodness for tools like these! The second challenge is complete now too!
Leave a Reply