Link: Webpage Points: 10
Useful Tools: Ctrl+U Tags: beginner web

Show Solution …

The Challenge

The n00bs CTF is designed for beginners of CTF-style events. As such, the first level of the n00bs CTF challenge is a common entry-level test. Lets start with looking at the main page:

Level 1 Main Page

On this page, Yoda kindly provides us with the hint “May the source be with you!” In this case, he is referring to the source code of the page itself. There is nothing else on the page; no buttons, no links, nothing at all. With not much else to look at, the next step would be to examine the website’s source code for additional clues.

You can right-click the page and select the option to the view the page’s source, or you can use the keyboard shortcut Ctrl+U in most browsers. You will see something similar to the code below, but this is only a snip of the full source:

<!-- infosec_flagis_welcome -->
<!DOCTYPE html>
<html lang="en">
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <meta name="description" content="a ctf for newbies">
    <title>Infosec Institute n00bs CTF Labs</title>
    <link href="css/bootstrap.css" rel="stylesheet">
    <link href="css/custom.css" rel="stylesheet">

  <div class="navbar navbar-inverse navbar-fixed-top">
  <div class="navbar-inner">
    <div class="container-fluid">
    <a class="brand" href="index.php">Home Page</a>

As you can see at the top of the HTML source code, we have found our first flag: infosec_flagis_welcome

Lessons Learned

Everyone who has access to a webpage can view the HTML source code of that webpage (it’s how your browser knows how to display it for you). With this in mind, you can realize it would be very bad to put credentials or other sensitive information inside your website’s HTML thinking that only you can see it. While this may not be common, you can often find other pieces of information that give you a clue to follow next, so it is always a great first place to look. If nothing else, it will give you some additional directories to look into, and will leave you with a greater understanding of how the website functions.

TL;DR: Always look at the source code.