Tags: ajax 


## 101 You Already Know ##


**No files provided**


> You already know the answer here.
> **Seriously**, *if you can read this*, you already have the flag.
> Submit it!

(More or less, I don't remember the exact wording.)


After trying to paste various pieces of the text into the flag submission box, and being annoyed (because PoW + timeouts), I finally thought about the challenge a bit more. The rules clearly said flags are always in the format `OOO{...}` unless stated otherwise in the description. So after having tried the literal `OOO{...}`, I checked the web inspector.

The HTML for the description box did not contain anything interesting. However, there was a delay between opening the description box and the text loading - clearly the data was loaded asynchronously via AJAX, which enabled the challenges to be revealed by the organisers whenever without having to reload the website.

So, while recording the network activity, opening the challenge description triggered a request whose response contained `OOO{Sometimes, the answer is just staring you in the face. We have all been there}`. It was marked as a comment so the response parser would not even put it into the HTML.
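The situation described above, as an added example that is not part of the original writeup: a check that audits a response body for comment content that is delivered to the browser but never rendered. It assumes HTML-style `<!-- -->` comments inside a JSON or markup body (the writeup does not show the actual response format), and the sample response and function names are constructed for illustration.

```javascript
// Added example: find content that is sent to the browser but never rendered.
// Assumes HTML-style comments; the writeup does not show the real format.
const COMMENT_RE = /<!--([\s\S]*?)-->/g;

// Return the text of every comment span found in one string.
function commentsIn(text) {
  return [...text.matchAll(COMMENT_RE)].map((m) => m[1].trim());
}

// Walk a parsed JSON value and collect comments from every string in it,
// recording the path so each finding can be traced back to a field.
function walk(value, path, findings) {
  if (typeof value === "string") {
    for (const c of commentsIn(value)) findings.push({ path, comment: c });
  } else if (Array.isArray(value)) {
    value.forEach((v, i) => walk(v, `${path}[${i}]`, findings));
  } else if (value !== null && typeof value === "object") {
    for (const [k, v] of Object.entries(value)) walk(v, `${path}.${k}`, findings);
  }
  return findings;
}

// Accept a raw body: try JSON first, fall back to treating it as markup.
function findUnrendered(body) {
  let parsed;
  try {
    parsed = JSON.parse(body);
  } catch {
    return walk(body, "$", []);
  }
  return walk(parsed, "$", []);
}

// Constructed sample response (not the real challenge data).
const sampleBody = JSON.stringify({
  name: "example",
  description: "You already know the answer here.<!-- OOO{constructed-placeholder} -->",
  hints: ["nothing here", "<!--second hidden note-->visible"],
});

console.log(findUnrendered(sampleBody));
```

Run against the responses of your own application, any finding is data that every client receives regardless of what the page displays.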

Original writeup (https://github.com/Aurel300/empirectf/blob/master/writeups/2018-05-12-DEF-CON-CTF-Qualifier/README.md#101-you-already-know).