- Resource: NahamCon CTF 2020
- CTF Name: Localghost
- Points: 75
- Category: Web
Note::: This CTF is expired and no longer live so flags will be posted.
- BooOooOooOOoo! This spooOoOooky client-side cooOoOode sure is scary! What spoOoOoOoky secrets does he have in stooOoOoOore??
- Note, this flag is not in the usual format.
When first looking at this page nothing really seems evident. If you scroll down then more ghosts are added to the page almost endlessly and the script doesn't appear helpful either.
There is an odd note in the Console Log that I haven't seen before...
Array [ "Intercom" ]
This hint has to do with the first hint about client side code.
Now that I know that it is dealing with client side code I can dive into looking up information about Intercom and how it works.
Now that the flag is there I can see that it is being loaded in localStoreage by the code just after the flag that is
"setItem","localStorage". Now that I know it's in localStorage I am not going to waste any time trying to decode it but instead see what's in the LocalStorage and there it is.
This flag showed me some interesting stuff about Intercom but really it taught me to check out some of the more obvious places first. LocalStorage and SessionStorage and fairly common places to store user data.