Hackvent 2024: Hidden Hard

Hackvent 202450

[HV24.HH] Frosty's Secret

This hidden was discovered while solving the day 15 challenge: [HV24.15] Rudolph's Symphony

This hidden challenge was also written by myself!

Solution

While exploring the Chrome user data directory, we came across the Favicon SQLite database, which stores various favicon-related data for websites visited with Chrome. We used DB Browser (SQLite) to navigate the database.

There was an intriguing entry in the favicons table. The entry with ID 10 had a URL of https://competition.hacking-lab.com/hv24-hh-favicon.png.

Next, we examined the favicon_bitmaps table, which contains the raw blobs for the favicons. Looking at the image_data field for the row with an icon_id value of 10, we see a favicon which resembles a QR code:

Hackvent 2024 - Hidden Hard - Favicon DB QR Code

Scanning this QR code provides us our hidden flag!

Flag:

HV24{n0_0n3_3v3r_n071c35_7h3_f4v1c0n}

Leave a comment

(required)(will not be published)(required)

Comments

There are no comments yet. Be the first to add one!