Web challenges


Solution of Info1

To find the hidden information, we open Burp in Kali, create a temporary project and start Burp with its defaults.
There are multiple ways of solving the challenge, but Burp is a general web hacking tool that is useful for the other challenges as well, so we use it here.





On the Proxy > Intercept page, we need to switch Intercept off.


Once it is ready, we open a browser; here we use Firefox. On the Settings > Preferences page we open the Network settings and set the Manual proxy configuration to 127.0.0.1 with port 8080. We also have to enable the checkbox “Use this proxy server for all protocols”. With the proxy settings in place, we are ready to open the URL.



If we jump back to Burp, we can see the downloaded contents: there is one page related to palpatine.hackingarena.no. If we take a look at it, we notice there is no flag there, so we have to investigate further. Proxy > HTTP history has an option to show all contents.



If we allow everything to show and refresh the page, we can now see other contents, such as style.css, print.css and images.



The flag can be found in style.css. We need to open it and set the view to Response > Raw in order to obtain it.



UiO-Hacking-Arena{c0mments_in_th3_sourc3_are_d4ngeor0us_huhh?}
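
The flag sat in a comment inside a stylesheet that every visitor downloads. As an added example (not part of the original write-up or the challenge), here is a pre-deployment check a site owner could run to list every comment in CSS and HTML files before they are published. The function names and the sample file contents are constructed for illustration.

```python
import re

HTML_COMMENT = re.compile(r"<!--(.*?)-->", re.DOTALL)

def css_comments(text):
    """Return (line, comment) for each /* ... */ in CSS, ignoring quoted strings."""
    found, i, n = [], 0, len(text)
    while i < n:
        ch = text[i]
        if ch in "\"'":                      # skip a quoted string
            i += 1
            while i < n and text[i] != ch:
                i += 2 if text[i] == "\\" else 1
            i += 1
        elif text.startswith("/*", i):
            end = text.find("*/", i + 2)
            end = n if end == -1 else end    # unterminated comment runs to EOF
            found.append((text.count("\n", 0, i) + 1, text[i + 2:end].strip()))
            i = end + 2
        else:
            i += 1
    return found

def html_comments(text):
    """Return (line, comment) for each <!-- ... --> comment."""
    return [(text.count("\n", 0, m.start()) + 1, m.group(1).strip())
            for m in HTML_COMMENT.finditer(text)]

def audit(files):
    """files maps a name to its text; returns sorted (name, line, comment) findings."""
    findings = []
    for name, text in files.items():
        scan = css_comments if name.endswith(".css") else html_comments
        findings += [(name, line, c) for line, c in scan(text)]
    return sorted(findings)

# Constructed sample site content (not the challenge's real files).
SAMPLE = {
    "index.html": "<html>\n<!-- TODO remove debug login -->\n<body></body></html>",
    "style.css": 'body { color: #000; }\n/* note to self: SAMPLE-SECRET */\n'
                 'a::after { content: "/* not a comment */"; }\n',
}

if __name__ == "__main__":
    for name, line, comment in audit(SAMPLE):
        print(f"{name}:{line}: {comment}")
```

Any finding can then be reviewed by hand, or the build can strip comments with a minifier so that none reach the browser.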

Challenge by Laszlo Erdodi
Solution by Nora Wimmer