In level 3, we see a QR code with a progress bar for a bounty of $30.
At first thought, the hint to where the flag could be hidden would be inside the QR code. However, there is a progress bar being placed right below the QR code. However, after checking the code behind the progress bar, it seems to be nothing but a distraction to mislead people.
To check whether anything is being hidden behind the QR code, you can use your phone (there is many apps in Google Play and Apple App Store that allows you to scan for QR code), or if your prefer using your web browser, you can try using this QR code decoder instead. Personally, I prefer to do it using my browser since I don’t like to switch between my computer and my phone to pass messages.
Viola! The QR code decoder has returned the following raw text, which is essentially a string written in Morse code.
.. -. ..-. --- ... . -.-. ..-. .-.. .- --. .. ... -- --- .-. ... .. -. --.
Using a Morse code translator, we are able to translate the string of text into the flag for level 3 – “INFOSECFLAGISMORSING”.
Back to write-up list for InfoSec Institute CTF #1: Hacking for n00bz