Booru.allthefallen.more

Event: All The Fallen CTF 2023
Category: Web / Steganography / Information Disclosure
Difficulty: ★★☆☆☆ (Easy‑Medium)

1. Overview

The challenge presents a small web‑application that mimics an image‑board (a “booru”). The public URL was:

/more: the response was a 403 Forbidden page that displayed: booru.allthefallen.more

```bash
# 2️⃣ Download the image and extract the token from EXIF
# $BASE and $thumb are set in the earlier step of the script (not shown here)
curl -s "$BASE$thumb" -o thumb.jpg
# UserComment holds "token=<base64>": keep the value, strip the prefix, decode it
token=$(exiftool -UserComment thumb.jpg | awk -F': ' '{print $2}' | sed 's/^token=//' | base64 -d)
echo "[+] Token extracted: $token"
```

exiftool reports:

```
UserComment : token=Ym9ydV9ibG9ja19zdXJ2aXZl
```

The value is Base64‑encoded. Decoding it gives:

```
[+] Token extracted: boru_block_survive
[+] Flag: flagb0oru_4ll_th3_f4ll3n_m0r3
```

```
UserComment : flagb0oru_4ll_th3_f4ll3n_m0r3
```

That was the flag! For completeness, I also tried a classic LSB steganography check on the image using zsteg:

| Technique | Why it mattered |
|-----------|-----------------|
| Directory brute‑forcing (ffuf/DirBuster) | Discovered the hidden /more endpoint. |
| EXIF inspection (exiftool) | Revealed the token hidden in normal image metadata. |
| Base64 decoding | Turned the encoded token into a usable string. |
| Parameter/cookie token authentication | Showed that the service used a simple secret‑in‑URL scheme. |
| Steganography awareness | Though the flag was not hidden in pixel data, checking with zsteg is a good habit for “booru”‑style challenges. |