Plain Sight

Challenge Description

People hide all sorts of things in the most obvious places. I'm getting tired of finding them on the Internet.

Take for example, this website that I'm poking around. This one clearly has the flag kept in the most obvious of places. I, for one, believe the developer relied on Azure's crappy documentation to assume that the flag will not be found.

Can you take this on and report to us with the flag, please?

Start here - http://20.42.97.190/

Solution

Viewing the page source, I identified that there are multiple javascript file attached via Azure Blob Storage

https://pubaccess.blob.core.windows.net/pubaccess/file.js
https://pubaccess.blob.core.windows.net/pubaccess/file2.js
https://pubaccess.blob.core.windows.net/pubaccess/file3.js
https://pubaccess.blob.core.windows.net/pubaccess/file4.js
https://pubaccess.blob.core.windows.net/pubaccess/file5.js

In the file5.js, there are instructions on how to retrieve the flag.

console.log('File.js loaded successfully.');

// This script is responsible for processing and managing data related to a certain aspect of computer security
// It comprises functionality to handle inputs, work with remote resources, and visualize information
//dir,filename= "s3cr3tacc3ss","cred"

// Additional information about processing can be found in the provided technical documents
// To understand the remote resource structure, refer to the associated documentation

// Ensure to use the proper authentication details and adhere to best practices for secure handling
// Locate the authentication details in a separate file, following the pattern: /{dir}/[filename].js

// Stage 1: Obtain user inputs
// Include code to collect and verify user inputs here

// Stage 2: Process and validate the inputs
// Check that inputs adhere to the required format and structure

// Stage 3: Communicate with the necessary remote resources using the user inputs
// Request and obtain data from the relevant remote resources

// Stage 4: Visualize and display the obtained data
// Format and present the data on the web page

Following the instructions I visited https://pubaccess.blob.core.windows.net/s3cr3tacc3ss/cred.js and retrieved the flag

//const hidden = 'flag-{F!1@r3w4%ll$sVuln3r4b1^l1tyM4n4g3m3nt}';
//console.log(hidden.replace(/[%#!@$^]/g, ''));

Running the javascript code in console, I retrieved the original flag.

Flag: flag-{F1r3w4llsVuln3r4b1l1tyM4n4g3m3nt}