Sweet Tooth

Description

CTF: Whitehacks 2021

Help! There's an attacker who wants to use CSA's website for phishing! He had to copy CSA's web codes somewhere!

Find out who is the attacker.

P.S. We heard rumours that the attacker have some liking for Singaporean desserts

Solution

Pwned by @teamfreestuff (opens in a new tab)

Let's visit the CSA website and pick out an arbitrary file (csa-logo.jpg).

CSA website sources

If we try searching for the filename on GitHub and sort by Recently Indexed, we find chachabooboo/csawebsite. The username resembles the dessert bubur cha cha (opens in a new tab).

GitHub search

If we visit the profile page, we find the flag.

GitHub search

WH2021{051N4_15_LOV3}

Programmes for Youths Totoro's Winter Adventure