Nov 10, 2022


Hello everyone, I hope you are all doing well. This is my first writeup; feel free to comment with your suggestions, which will help me improve. In this writeup I am solving some challenges from the recent FETCH THE FLAG CTF by SNYK.

Going directly into it…

Potty Training (steg)

Potty Training Challenge Description

As we can see, the challenge is related to steganography. Basic analysis with tools like file and exiftool didn’t give anything, so I tried zsteg, which gave a link.


Similarly, we can use the tool stegano mentioned in the challenge description.


Yeah..!! We got something interesting.

When we try to access the link we got, it gives an error.


Then I checked the other challenge links, which use http instead of https. So I tried http.

BOOM.. We got the flag…..


File Explorer (web)

File Explorer Challenge Description

This is a web-based challenge. There is a free hint GitHub repo with source code, but before that I visited the given webpage.


This /public/ page makes me think about path traversal, so I tried ../

but it returns to the homepage, so then I tried the URL-encoded payload ..%2f

(%2f = /)

and tried to read /etc/passwd

We got the file and understood that it is vulnerable, but there is no need to read /etc/passwd; I just wanted to go a single directory backward. Now we can see the files, and the flag file is right there.

vulnerable to path traversal

We got the flag..
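The difference between ../ and ..%2f seen above, with a vulnerable and a hardened path resolver side by side, as an added example that is not the challenge's source code. It assumes the request came from a browser (which normalizes ../ before sending); PUBLIC_ROOT, the route handling and all function names are hypothetical.

```javascript
// Added example; PUBLIC_ROOT and every function name here are hypothetical.
const PUBLIC_ROOT = '/app/public'; // assumed directory served under /public/

// Path a WHATWG-URL client (e.g. a browser) puts on the wire for a typed URL.
// "../" is collapsed client-side; "..%2f" is one opaque segment and survives.
function pathSentByClient(typed) {
  return new URL(typed, 'http://ctf.example').pathname;
}

// Collapse "." and ".." segments of an absolute POSIX-style path.
function normalize(absPath) {
  const out = [];
  for (const seg of absPath.split('/')) {
    if (seg === '' || seg === '.') continue;
    if (seg === '..') out.pop();
    else out.push(seg);
  }
  return '/' + out.join('/');
}

// Vulnerable pattern: percent-decode after routing, join onto the root,
// and never check that the result is still inside the root.
function naiveResolve(requestPath) {
  const rel = decodeURIComponent(requestPath.replace(/^\/public\//, ''));
  return normalize(PUBLIC_ROOT + '/' + rel);
}

// Hardened: decode once, reject NUL and backslash, normalize, then require
// the final path to be PUBLIC_ROOT itself or a descendant of it.
function safeResolve(requestPath) {
  let rel;
  try {
    rel = decodeURIComponent(requestPath.replace(/^\/public\//, ''));
  } catch {
    return null; // malformed percent-encoding
  }
  if (/[\0\\]/.test(rel)) return null;
  const full = normalize(PUBLIC_ROOT + '/' + rel);
  const inside = full === PUBLIC_ROOT || full.startsWith(PUBLIC_ROOT + '/');
  return inside ? full : null;
}
```

On a real filesystem the containment check should run on the symlink-resolved path as well.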

Treasure Trove (web)

Treasure Trove Challenge Description

The challenge description points to JS reversing. A link and a file are provided. As with the above challenge, I first visited the website


and checked the source code, where I found a JS file, ‘swashbuckle.js’. While going through the JS file I found a validate method.


I used the browser console and entered validate, and I found this code


I tried to understand the code

  • It takes the HTML input
  • checks the characters
  • checks the key length is 25
  • converts the keys to char codes and adds them together, then checks if the sum is 1800

So I reversed it

  • 1800/25 = 72
  • 72 is the charCode of ‘H’
  • As we can see, the input field hints at 5 characters in each of the 5 fields
  • so I tried HHHHH in each input field

Ta-da! We got it..

Thank you everyone for reading my writeup…

Feel free to comment and suggest.