This is a writeup for the Inspector Gadget challenge, part of the Hack the box's Cyberapocalypse CTF 2021, category Web.
Prompt
Inspector Gadget was known for having a multitude of tools available for every occasion. Can you find them all?
Recon
We are given a url to a website, and upon opening it we see a big ol' CHTB{ slapped right in our faces.
This clearly indicates, that we're facing a scavenger hunt. So, checking the HTML of the webpage, we find the next piece of the puzzle
<!--1nsp3ction_-->
Surprisingly, robots.txt doesn't give us anything useful, so we look into /static/js/main.js next.
console.log("us3full_1nf0rm4tion}");
Just to make sure, we check whether CHTB{1nsp3ction_us3full_1nf0rm4tion} is the flag, and unsurprisingly it isn't.
So, we logically check the css next, and open /static/css/main.css to find
/* c4n_r3ve4l_ */
Solution
We can now easily deduce, that our flag is
CHTB{1nsp3ction_c4n_r3ve4l_us3full_1nf0rm4tion}
Thank you for reading!
The information in this blog, as well as all the tools, apps and libraries I develop are currently open source.
I would love to keep it this way, and you can help!
You can buy me a coffee from here, which will go towards the next all-nighter I pull off!
Or you can support me and my code monthly over at Github Sponsors!
Thanks!