Booru.allthefallen.more – Easy & Plus
    curl -s -o hidden_flag.jpg "https://booru.allthefallen.more/static/img/hidden_flag.jpg"

At first glance it was a plain JPEG with a resolution of 1×1 pixel – just a black dot. Running exiftool again gave:
    UserComment : token=Ym9ydV9ibG9ja19zdXJ2aXZl

The value is Base64‑encoded. Decoding it gives: booru.allthefallen.more
    # 5️⃣ Download the hidden image and read the flag from EXIF
    curl -s "$BASE$hidden" -o hidden.jpg
    flag=$(exiftool -UserComment hidden.jpg | awk -F': ' '{print $2}')
    echo "[+] Flag: $flag"

Running the script prints:

    curl -s -o hidden_flag
Event: All The Fallen CTF 2023
Category: Web / Steganography / Information Disclosure
Difficulty: ★★☆☆☆ (Easy‑Medium)

1. Overview

The challenge presents a small web application that mimics an image board (a “booru”). The public URL was:

Access denied
    <!-- see /more for the rest -->

Running a quick DirBuster/ffuf scan against the root with a small wordlist (common.txt) uncovered a hidden endpoint:
    https://booru.allthefallen.more/

The landing page displayed a list of thumbnails and a search box. No obvious “flag” was visible, but the title “more” hinted that there was “something more” hidden behind the interface.
    Access denied. You need a valid token.

The page source contained another comment: