# Plain Sight

## Challenge Description

People hide all sorts of things in the most obvious places. I'm getting tired of finding them on the Internet.

Take for example, this website that I'm poking around. This one clearly has the flag kept in the most obvious of places. I, for one, believe the developer relied on Azure's crappy documentation to assume that the flag will not be found.

Can you take this on and report to us with the flag, please?

Start here - <http://20.42.97.190/>

## Solution

Viewing the page source, I identified that multiple JavaScript files are loaded from a publicly readable Azure Blob Storage container:

```
https://pubaccess.blob.core.windows.net/pubaccess/file.js
https://pubaccess.blob.core.windows.net/pubaccess/file2.js
https://pubaccess.blob.core.windows.net/pubaccess/file3.js
https://pubaccess.blob.core.windows.net/pubaccess/file4.js
https://pubaccess.blob.core.windows.net/pubaccess/file5.js
```

In [file5.js](https://pubaccess.blob.core.windows.net/pubaccess/file5.js), the comments contain instructions on how to retrieve the flag: the container and file name are given in a comment, along with the path pattern `/{dir}/[filename].js`.

```
console.log('File.js loaded successfully.');

// This script is responsible for processing and managing data related to a certain aspect of computer security
// It comprises functionality to handle inputs, work with remote resources, and visualize information
//dir,filename= "s3cr3tacc3ss","cred"

// Additional information about processing can be found in the provided technical documents
// To understand the remote resource structure, refer to the associated documentation

// Ensure to use the proper authentication details and adhere to best practices for secure handling
// Locate the authentication details in a separate file, following the pattern: /{dir}/[filename].js

// Stage 1: Obtain user inputs
// Include code to collect and verify user inputs here

// Stage 2: Process and validate the inputs
// Check that inputs adhere to the required format and structure

// Stage 3: Communicate with the necessary remote resources using the user inputs
// Request and obtain data from the relevant remote resources

// Stage 4: Visualize and display the obtained data
// Format and present the data on the web page
```

Following those instructions, I visited <https://pubaccess.blob.core.windows.net/s3cr3tacc3ss/cred.js> and retrieved the obfuscated flag:

```
//const hidden = 'flag-{F!1@r3w4%ll$sVuln3r4b1^l1tyM4n4g3m3nt}';
//console.log(hidden.replace(/[%#!@$^]/g, ''));
```

Running the JavaScript in the browser console strips the padding characters (`%`, `#`, `!`, `@`, `$`, `^`) and yields the original flag.

<div align="center"><figure><img src="/files/a96GmsQjje2tMResbIh0" alt=""><figcaption></figcaption></figure></div>

Flag: `flag-{F1r3w4llsVuln3r4b1l1tyM4n4g3m3nt}`
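The first step of the solution, enumerating which scripts a page pulls from Azure Blob Storage, is the same check a defender would run to inventory externally hosted assets. The following is an added example (not from the original writeup); the sample page source is constructed to mirror the script list above, and the function names are my own.

```javascript
// Added example: inventory the external scripts a page loads and pick out the
// ones served from Azure Blob Storage, splitting each URL into storage account,
// container and blob name so each container can be reviewed for anonymous access.

// Constructed sample page source, modelled on the writeup's script list.
const SAMPLE_HTML = `
<html><head>
<script src="https://pubaccess.blob.core.windows.net/pubaccess/file.js"></script>
<script src="https://pubaccess.blob.core.windows.net/pubaccess/file5.js"></script>
<script src="https://cdn.example.com/vendor.js"></script>
<script src="/static/app.js"></script>
</head><body></body></html>`;

// Extract every <script src="..."> value from an HTML string.
function extractScriptSrcs(html) {
  const re = /<script\b[^>]*\bsrc\s*=\s*["']([^"']+)["']/gi;
  const srcs = [];
  let m;
  while ((m = re.exec(html)) !== null) srcs.push(m[1]);
  return srcs;
}

// Parse an Azure Blob Storage URL into account/container/blob; null for anything else.
function parseBlobUrl(src) {
  let u;
  try { u = new URL(src); } catch (e) { return null; } // relative or malformed src
  const host = u.hostname.match(/^([a-z0-9]{3,24})\.blob\.core\.windows\.net$/i);
  if (!host) return null;
  const [container, ...rest] = u.pathname.replace(/^\/+/, '').split('/');
  if (!container || rest.length === 0) return null;
  return { account: host[1], container: container, blob: rest.join('/') };
}

// Group blob-hosted scripts by "account/container" so each container is
// reviewed once for its public-access level (Private, Blob or Container).
function blobScriptInventory(html) {
  const byContainer = {};
  for (const src of extractScriptSrcs(html)) {
    const parsed = parseBlobUrl(src);
    if (!parsed) continue;
    const key = parsed.account + '/' + parsed.container;
    if (!byContainer[key]) byContainer[key] = [];
    byContainer[key].push(parsed.blob);
  }
  return byContainer;
}
```

Any container that appears in the inventory but is not meant to be world-readable should have its access level set back to private, since a "Blob" access level lets anyone fetch a blob whose name they know, exactly what this challenge relied on.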
