For level 5, we get a page with an infinite pop-up that says “hacker!!”.
Upon checking the JavaScript on the page using Firebug or the inbuilt developer tools on any browsers, you will see that is is an infinite loop,
for(;;){ alert(‘Hacker!!!’); }
In the line right after the above JavaScript, there is an image of “aliens.jpg” which is definitely not meant to be seen by us since they have setup an infinitely loop right above this line.
With an image, we could now run it through a Steganography decoder. Reading through various forums, many people recommended the Steghide software, but I did it using an online tool called the Steganographic Decoder, and the following is the output,
01101001011011100110011001101111011100110110010101100011010111110110011001101100011000010110011101101001011100110101111101110011011101000110010101100111011000010110110001101001011001010110111001110011
This long string of 1’s and 0’s is obviously a binary code. Upon decoding it using a Binary decode tool, we are the flag for level 5, “infosec_flagis_stegaliens”.
Back to write-up list for InfoSec Institute CTF #1: Hacking for n00bz