Creative Agency

By Narcissus

The link leads to a portfolio site:

After poking around a bit we noticed that the images had strange looking links, for example:

If you flip this upside down it reads: ./img/work2.jpg. What would happen if we take the flags location /home/bsidestlv/flag.txt and flip it in the same way?

To do this we collected a bunch of links from the site and using letters from them we managed to flip the location of the flag:

We navigated there and got the following response: Error: ENOENT: no such file or directory, stat '/app/home/bsidestlv/flag.txt'.

It seems we landed in the wrong directory, let's try to go back one by adding ˙˙, new url:

This time we got the flag: BSidesTLV{I_Like_FlipFlops_And_I_Cannot_Lie}.