The Fish Lover's Blog contains some hidden information. Find it!
There's not a lot of explanation for this challenge. Again, we used Burp Suite Pro to intercept our web traffic to/from the challenge site. Loading the initial page we noticed the following comments in the HTML source
< !-- the files are stored at /webserver_upload_3043493/ctf/hidden_files/ --> < !-- BUGBUG: make sure permissions on directories and files are correct -->Hmmm... Loading up
http://challenge13.mozillactf.org/webserver_upload_30439/ctf/hidden_files/"results gives us a
403 Forbidden. So we know the directory exists, but we still don't know where the flag is. There's a shockwave object embedded into the page displaying a fish animation, but that is just a red herring (bad pun).
Well, it's a low-point challenge. Maybe we could just guess the name of the flag file?
GET /webserver_upload_3043493/ctf/hidden_files/flag HTTP/1.1 HTTP/1.1 404 Not FoundNo luck.
GET /webserver_upload_3043493/ctf/hidden_files/flag.php HTTP/1.1 HTTP/1.1 404 Not FoundStill no love.
GET /webserver_upload_3043493/ctf/hidden_files/flag.txt HTTP/1.1 HTTP/1.1 200 OK youJustGotTheFlagDudeCongratsWoot! Another 50 points...