Flagvent 2025: Hidden 2
FV25.H2 - Santa's Secret Tree
This hidden was discovered while solving the challenge: FV25.10 - Santa's old NAS
Solution
I managed to solve this with some big hints from others, as this was quite tricky to find.
Exploring the /var/www directory, we find an interesting directory: /var/www/web/jquery/jqueryFileTree. This is Santa's Secret Tree, which the challenge title is hinting at. Inside this folder, we see several JavaScript, CSS, and image files.
Running exiftool on the picture.png image reveals a warning:
ExifTool Version Number : 13.06
File Name : picture.png
Directory : .
File Size : 663 bytes
File Modification Date/Time : 2025:12:08 08:25:26+11:00
File Access Date/Time : 2025:12:22 22:54:44+11:00
File Creation Date/Time : 2025:12:22 22:05:36+11:00
File Permissions : -rw-rw-rw-
File Type : PNG
File Type Extension : png
MIME Type : image/png
Image Width : 16
Image Height : 16
Bit Depth : 8
Color Type : RGB with Alpha
Compression : Deflate/Inflate
Filter : Adaptive
Interlace : Noninterlaced
Gamma : 2.2222
Software : Adobe ImageReady
Warning : [minor] Trailer data after PNG IEND chunk
Image Size : 16x16
Megapixels : 0.000256Turns out there is some extra data at the end of the image file:
00000250 C4 BF 00 00 00 00 49 45 4E 44 AE 42 60 82 53 56 ......IEND.B`.SV
00000260 70 4D 52 45 56 4F 54 44 4E 4E 54 6C 56 49 52 55 pMREVOTDNNTlVIRU
00000270 31 4B 56 6B 39 53 56 31 52 4A 54 6B 73 33 54 56 1KVk9SV1RJTks3TV
00000280 6C 5A 56 31 6C 4E 4D 6A 64 50 55 6C 70 45 52 30 lZV1lNMjdPUlpER0
00000290 30 7A 4E 51 3D 3D 0A 0zNQ==.The string is SVpMREVOTDNNTlVIRU1KVk9SV1RJTks3TVlZV1lNMjdPUlpER00zNQ==, which Base64-decodes to IZLDENL3MNUHEMJVORWTINK7MYYWYM27ORZDGM35, which then Base32-decodes to the hidden flag!
Flag:
FV25{chr15tm45_f1l3_tr33}