Sweet Tooth

Description

CTF: Whitehacks 2021

Help! There’s an attacker who wants to use CSA’s website for phishing! He had to copy CSA’s web codes somewhere!

Find out who is the attacker.

P.S. We heard rumours that the attacker have some liking for Singaporean desserts

Solution

Pwned by @teamfreestuff

Let’s visit the CSA website and pick out an arbitrary file (csa-logo.jpg).

If we try searching for the filename on GitHub and sort by Recently Indexed, we find chachabooboo/csawebsite. The username resembles the dessert bubur cha cha.

If we visit the profile page, we find the flag.

WH2021{051N4_15_LOV3}