Level 7

Url: http://ctf.infosecinstitute.com/404.php
Description: f00 not found, Something is not right here?
Bounty: $70

Solution:
There is nothing in the source code, using burpsuite I intercept the web, it also contain nothing, so I send it to Repeter in burpsuite, then I change the contain header

 GET /404.php HTTP/1.1 to GET /levelseven.php HTTP/1.1

level7

The result is base64 char

aW5mb3NlY19mbGFnaXNfeW91Zm91bmRpdA==

After decode it, I get a flag

level7flag

The flag is: infosec_flagis_youfoundit

Reference and Tools:
1. BurpSuite – http://portswigger.net/burp/
2. Linux command line to decode base64

0 comments