Tags: web
First up, I visited the URL mentioned in the challenge description. It returned this:
`[513, '71'] 4O48APmBiNJhZBfTWMzD`
Also, the URL changes to: http://167.71.246.232:8080/rabbit_hole.php?page=cE4g5bWZtYCuovEgYSO1. Interesting!
Since the challenge is called “Follow the Rabbit Hole”, I tried “following” the page using the code provided, so I used the link: `?page=4O48APmBiNJhZBfTWMzD`
This brings us to another page with the same set of data (an array with a number & what appears to be HEX). So let’s automate this process because I don’t know how far the rabbit hole goes.
I’ve played around with different versions of a Python script to fetch the data but I finally used:
```
import csv

import requests

url = "http://167.71.246.232:8080/rabbit_hole.php?page="
page = "cE4g5bWZtYCuovEgYSO1"
response = requests.request("GET", f"{url}{page}")

with open('C:\\Users\\Bib\\Downloads\\rabbit_hole.csv', 'w', newline='') as csvfile:
    rabbit_csv = csv.writer(csvfile, delimiter=';', quotechar='|', quoting=csv.QUOTE_MINIMAL)
    # Each page body looks like: [513, '71'] 4O48APmBiNJhZBfTWMzD
    while response.text != 'end':
        try:
            print(f"Following the rabbit hole... Page : {page}")
            response = requests.request("GET", f"{url}{page}")
            page_split = response.text.split()
            # "[513," -> "513" (index of this fragment)
            first_number = page_split[0].replace("[", "").replace(",", "")
            # "'71']" -> "71" (hex value of this fragment)
            second_number = page_split[1].split("'")[1]
            rabbit_csv.writerow([first_number, second_number])
            # Third field is the token of the next page to follow
            page = page_split[2]
        except Exception:
            # The final page ('end') has no fields to split; a network error
            # also lands here. Stop instead of retrying forever.
            print("Script end.")
            break
```
So basically, I went all the way down the rabbit hole and fetched all data inside a CSV file. Then I sorted the data using the first number as an index.
![](https://0x90skids.com/tenable-ctf-writeup/images/tenable-ctf/rabbit_hole_csv_1.png)
Fig 1. Sample of raw CSV file
![](https://0x90skids.com/tenable-ctf-writeup/images/tenable-ctf/rabbit_hole_csv_2.png)
Fig 2. Sample of sorted CSV file
After the data was sorted, I made a huge string with the HEX values and passed that to a HEX-to-ASCII converter. It gave me garbage data but I was able to see the PNG header.
Instead, I re-ran the converter to a PNG file:
![](https://0x90skids.com/tenable-ctf-writeup/images/tenable-ctf/rabbit_hole_flag.png)
Bingo! Challenge solved! Pretty interesting challenge :)
`flag{automation_is_handy}`
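
The sort-and-decode step described above can also be done in Python instead of a spreadsheet and an online converter. This is an added example, not part of the original writeup: the function names and the sample pages are constructed, and it assumes every fragment is a two-digit hex value and that the indices run without gaps.

```python
import ast
import random

PNG_MAGIC = bytes.fromhex("89504e470d0a1a0a")  # 8-byte PNG file signature


def parse_page(body):
    """Split a body like "[513, '71'] 4O48APmBiNJhZBfTWMzD" into its parts."""
    list_part, sep, next_page = body.strip().rpartition("] ")
    if not sep:
        raise ValueError(f"unexpected page body: {body!r}")
    index, hex_byte = ast.literal_eval(list_part + "]")
    return int(index), hex_byte, next_page


def reassemble(bodies):
    """Order fragments by index, refuse gaps or conflicts, decode hex to bytes."""
    fragments = {}
    for body in bodies:
        index, hex_byte, _ = parse_page(body)
        if fragments.setdefault(index, hex_byte) != hex_byte:
            raise ValueError(f"conflicting data for index {index}")
    if not fragments:
        raise ValueError("no fragments collected")
    expected = range(min(fragments), max(fragments) + 1)
    missing = [i for i in expected if i not in fragments]
    if missing:
        raise ValueError(f"missing indices: {missing[:5]}")
    return bytes.fromhex("".join(fragments[i] for i in expected))


def constructed_pages(payload, seed=0):
    """Constructed sample: one page body per payload byte, in shuffled order."""
    pages = [f"[{i}, '{b:02x}'] token{i:04d}" for i, b in enumerate(payload)]
    random.Random(seed).shuffle(pages)
    return pages


def is_png(data):
    """True when the reassembled bytes start with the PNG signature."""
    return data.startswith(PNG_MAGIC)


if __name__ == "__main__":
    sample = PNG_MAGIC + b"constructed body, not a real image"
    data = reassemble(constructed_pages(sample))
    print("PNG signature present:", is_png(data), "-", len(data), "bytes")
```

Writing the returned bytes to a file opened in `'wb'` mode gives the image directly; the gap check catches a crawl that stopped early before a truncated file is produced.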