Booru.allthefallen.more (PREMIUM × 2025)

Event: All The Fallen CTF 2023
Category: Web / Steganography / Information Disclosure
Difficulty: ★★☆☆☆ (Easy‑Medium)

1. Overview

The challenge presents a small web application that mimics an image board (a “booru”). The public URL was:

booru.allthefallen.more

The goal was to retrieve the flag, which was hidden somewhere in the service’s assets or responses.

2.1 Browsing the site

The homepage (/) returned a simple HTML page that loaded JavaScript from /static/app.js and a handful of images from /static/img/. The page source revealed a hidden comment:

<!-- see /more for the rest -->

Running a quick DirBuster/ffuf scan against the root with a small wordlist (common.txt) uncovered a hidden endpoint:

/more

The response was a 403 Forbidden page that displayed:

The page source revealed a hidden comment:

curl -s -o hidden_flag.jpg "https://booru.allthefallen.more/static/img/hidden_flag.jpg"

At first glance it was a plain JPEG with a resolution of 1×1 pixel – just a black dot. Running exiftool again gave:

UserComment : token=Ym9ydV9ibG9ja19zdXJ2aXZl

The value is Base64-encoded. Decoding it gives:

BASE="https://booru.allthefallen.more"

# 5️⃣ Download the hidden image and read the flag from EXIF
curl -s "$BASE$hidden" -o hidden.jpg
# awk needs a braced action block; the original 'print $2' without braces is a syntax error
flag=$(exiftool -UserComment hidden.jpg | awk -F': ' '{print $2}')
echo "[+] Flag: $flag"

Running the script prints:
