    "LITCTF 2k24": Extracting a Flag Hidden in a console.log CSS Format Specifier

    August 13, 2024

    Challenge Description

    name: anti-inspect
    category: web exploitation
    points: 109

    can you find the answer? WARNING: do not open the link your computer will not enjoy it much. URL: http://litctf.org:31779/ Hint: If your flag does not work, think about how to style the output of console.log

    Solution

    Since the challenge warns us against opening the link in our browser, I assumed there was some kind of infinite loop inside the script tag. Curling the link given to us gives the following page:

    curl http://litctf.org:31779/
    <!DOCTYPE html>
    <html lang="en">
      <head>
        <meta charset="UTF-8" />
        <meta name="viewport" content="width=device-width, initial-scale=1.0" />
        <title>Document</title>
      </head>
      <body>
        <script>
          const flag = "LITCTF{your_%cfOund_teh_fI@g_94932}";
          while (true)
            console.log(
              flag,
              "background-color: darkblue; color: white; font-style: italic; border: 5px solid hotpink; font-size: 2em;"
            );
        </script>
      </body>
    </html>

    At first, when I tried to submit the flag LITCTF{your_%cfOund_teh_fI@g_94932}, it said wrong flag, so I checked the hint. Our flag doesn’t work, so let’s take the JavaScript code inside the script tag and run it with Node.js.

    nodejs-pic


    The flag is: LITCTF{your_fOund_teh_fI@g_94932}
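The raw string and the printed flag differ because `%c` is a console format specifier: it consumes the next argument as CSS and prints nothing itself. The block below is an added example, not part of the original writeup or the challenge; it models that handling in a hypothetical helper, `displayedText`, so the printed flag can be recovered from the source without running the infinite loop.

```javascript
// Added example: simplified model of how console.log expands format specifiers.
// displayedText() is a hypothetical helper, not a browser or Node.js API.
function displayedText(format, ...args) {
  // With no extra arguments the string is printed as-is; specifiers stay literal.
  if (typeof format !== "string" || args.length === 0) {
    return String(format);
  }
  let out = "";
  let next = 0; // index of the next unconsumed argument
  for (let i = 0; i < format.length; i++) {
    const ch = format[i];
    const spec = format[i + 1];
    if (ch !== "%" || spec === undefined) {
      out += ch;
      continue;
    }
    if (spec === "%") { // escaped percent sign
      out += "%";
      i++;
      continue;
    }
    if (!"csdif".includes(spec) || next >= args.length) {
      out += ch; // unknown specifier or no argument left: keep it literal
      continue;
    }
    const arg = args[next++];
    i++; // skip the specifier letter
    if (spec === "s") out += String(arg);
    else if (spec === "f") out += String(parseFloat(arg));
    else if (spec === "d" || spec === "i") out += String(parseInt(arg, 10));
    // spec === "c": the argument is CSS for styling; nothing is printed for it
  }
  // Arguments not consumed by a specifier are appended, space-separated.
  for (; next < args.length; next++) out += " " + String(args[next]);
  return out;
}

// Values copied from the challenge page source shown above.
const FLAG_FORMAT = "LITCTF{your_%cfOund_teh_fI@g_94932}";
const CSS =
  "background-color: darkblue; color: white; font-style: italic; border: 5px solid hotpink; font-size: 2em;";

console.log("raw string :", displayedText(FLAG_FORMAT));
console.log("as printed :", displayedText(FLAG_FORMAT, CSS));
```
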

    Things learned from this challenge:

    • How to inspect source code
    • Simple usage of curl command