Sweet Tooth
Description
CTF: Whitehacks 2021
Help! There's an attacker who wants to use CSA's website for phishing! He had to copy CSA's web codes somewhere!
Find out who is the attacker.
P.S. We heard rumours that the attacker have some liking for Singaporean desserts
Solution
Pwned by @teamfreestuff (opens in a new tab)
Let's visit the CSA website and pick out an arbitrary file (csa-logo.jpg
).
If we try searching for the filename on GitHub and sort by Recently
Indexed, we find chachabooboo/csawebsite
. The username resembles the dessert
bubur cha cha (opens in a new tab).
If we visit the profile page, we find the flag.
WH2021{051N4_15_LOV3}