Rating: 0

http://otterctf.com:8000 shows a message:

`Please use our Ultra Otter browser to use our P2TaaS(Picture To Text as a Service)`

The User-Agent must be changed to "Ultra Otter". Then it displays a simple upload page and if you submit an image, it returns an ascii art for it.

If you click a submit button without choosing an image, it shows an error page (werkzeug with debugger turned on).
But remember the hint: This is not a pwn challenge, do not hack the server.

If you inspect the HTML page source, you will find that the images are from:

http://otterctf.com:8000/static/

And the web has a directory listing turned on!
One of the image in the directory was not a part of the web:

`1e0a220ee5875bcae68df3e5bc288896.png`

It was very strange image with a secret message in the alpha bit 0 (LSB), but it was scrambled like the RGB.
The image has been devided into four parts by 5x5 pixel squares.
We've decomposed it and found that it is a lutra (4 parts: original, flipped horizontally, flipped vertically and flipped horizontally+vertically).

We're not able to find an exact solution - composition of the layers...
But the text could be guessed from the separed (and still a little bit scrambled) layers:

```
The Flag is
UltR4_LuTR4_15_Th3_B35t
```

`CTF{UltR4_LuTR4_15_Th3_B35t}`