[paven]

Fishy HTTP - Forensics - Easy

Good luck everyone! Let's tackle this together!
https://app.hackthebox.com/challenges/fishy-http

[Blackoofconsequently]

Use dotpeek, and the rest is super easy

[pwns4k3]

Use dotpeek, and the rest is super easy

Can you give me a nudge?

For the first part of the flag there is clean mapping seen in MyProject assembly

    private static Dictionary<string, string> tagHex = new Dictionary<string, string> 
    { 
        { "cite", "0" }, 
        { "h1", "1" }, 
        { "p", "2" }, 
        { "a", "3" }, 
        { "img", "4" }, 
        { "ul", "5" }, 
        { "ol", "6" }, 
        { "button", "7" }, 
        { "div", "8" }, 
        { "span", "9" }, 
        { "label", "a" }, 
        { "textarea", "b" }, 
        { "nav", "c" }, 
        { "b", "d" }, 
        { "i", "e" }, 
        { "blockquote", "f" } 
    };  

it is just simple decoding of html tags to hex and hex to bytes.

For the second part of the flag:
The feedback content is split into individual words using the `split()` method.
Each word is examined to determine its corresponding character in the Base64 encoding scheme.
The mapping is based on the first character of each word
If a word starts with a non-alphabetic character or a number, that character is directly added to the reconstructed string.
For words that are not found in the provided word list, the first character of the word is copied as is.

[mazafaka555]

i recovered first part of the flag without any issue, but somehow stuck on the second part.... i got some undecipherable mess. trying to play around...

[skalvin]

did you solve it?

[wtfduw]

Use dotpeek, and the rest is super easy

Can you give me a nudge?

For the first part of the flag there is clean mapping seen in MyProject assembly

    private static Dictionary<string, string> tagHex = new Dictionary<string, string> 
    { 
        { "cite", "0" }, 
        { "h1", "1" }, 
        { "p", "2" }, 
        { "a", "3" }, 
        { "img", "4" }, 
        { "ul", "5" }, 
        { "ol", "6" }, 
        { "button", "7" }, 
        { "div", "8" }, 
        { "span", "9" }, 
        { "label", "a" }, 
        { "textarea", "b" }, 
        { "nav", "c" }, 
        { "b", "d" }, 
        { "i", "e" }, 
        { "blockquote", "f" } 
    };  

it is just simple decoding of html tags to hex and hex to bytes.

For the second part of the flag:
The feedback content is split into individual words using the `split()` method.
Each word is examined to determine its corresponding character in the Base64 encoding scheme.
The mapping is based on the first character of each word
If a word starts with a non-alphabetic character or a number, that character is directly added to the reconstructed string.
For words that are not found in the provided word list, the first character of the word is copied as is.

Could you please explain more the part around the second part of the flag? I did not quite manage to understand it.

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Leeching | http://c66go4clkqodr7tdjfu76jztjs7w7d3fajdeypxn73v4ju3dt7g5yyyd.onion/Forum-Ban-Appeals if you feel this is incorrect.

[darktivox]

i recovered first part of the flag without any issue, but somehow stuck on the second part.... i got some undecipherable mess. trying to play around...

Did you solve it? Im still having issues...

[redbaby]

any writes up available on this issue !

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Reposting hidden content for free

[kevindragonfly]

Looking for a writeup on this!

[awwliveyet]

what? i recovered first part of the flag without any issue. in the second i am getting only messy stuff