TFCCTF2021 — MACDONALDS [WEB]

Description : I’m a huge Ronald fan. My fan page doubles down as my cloud storage page! You’ll never find my secrets!

Solves : 108

We can see on the website there is some note, if we read the note, there is a clue “Also, I’ve heard that the security on my MacBook (where I host this website)”

we need to find path of flag, but automated tools not allowed, because the website hosted on MacBook, there is one file .DS_Store (read some web vulnerability hosted on Mac) where we can read some interesting file and web directory there.

Here is my solver:

First, download .DS_Store file from current web dir to get other directory

http://server.challenge.ctf.thefewchosen.com:1339/.DS_Store

then, we need to read the file, download DS_Store parser from github (https://github.com/gehaxelt/Python-dsstore), and run

we can see some folder and file on the website, check index.php and secrets we know secrets is folder, now we move to secrets directory and do like first step

then, read the file again using Python-dsstore parser

there is one file .php and its the flag, so full path of flag is http://server.challenge.ctf.thefewchosen.com:1339/secrets/5973b4cc1d61c110188ee413cddb8652.php

flag : TFCCTF{.D5_S70r3_1s_s0_4nn0ying_wh3n_c0mp1l1ng_j4rs_y0urs3lf}

Thanks for read my writeups, follow me for some update!