Figma Plugin Docs
Dashboard Blog Post

Http://skidrowcpygames.com/pass02 -

| Step | Tool / Command | What we looked for | Why it mattered | |------|----------------|-------------------|-----------------| | | Browser “View Page Source”, curl | Hidden comments, scripts, invisible elements | The challenge hides data in a comment | | Search for patterns | grep -i -n 'base64\|flag\|ctf' | Strings that look like encodings or flag keywords | Quickly isolates suspicious blobs | | Extract comment content | grep -oP '(?<=<!--\s*)([A-Za-z0-9+/=]+)(?=\s*-->)' | Precise extraction of the Base64 block | Avoids copying stray whitespace | | Decode | base64 -d | Turns the encoded blob into readable text | Reveals the actual flag | | Submit | CTF platform UI | – | Confirms success |

$ echo 'ZmxhZzogY3RmeyJmZXRjaF9tZV9vbmVfZmxhZyI6IHRydWV9' | base64 -d flag: ctf"fetch_me_one_flag": true http://skidrowcpygames.com/pass02

Visiting http://skidrowcpygames.com/pass02 shows a very minimal page: | Step | Tool / Command | What

| Step | Tool / Command | What we looked for | Why it mattered | |------|----------------|-------------------|-----------------| | | Browser “View Page Source”, curl | Hidden comments, scripts, invisible elements | The challenge hides data in a comment | | Search for patterns | grep -i -n 'base64\|flag\|ctf' | Strings that look like encodings or flag keywords | Quickly isolates suspicious blobs | | Extract comment content | grep -oP '(?<=<!--\s*)([A-Za-z0-9+/=]+)(?=\s*-->)' | Precise extraction of the Base64 block | Avoids copying stray whitespace | | Decode | base64 -d | Turns the encoded blob into readable text | Reveals the actual flag | | Submit | CTF platform UI | – | Confirms success |

$ echo 'ZmxhZzogY3RmeyJmZXRjaF9tZV9vbmVfZmxhZyI6IHRydWV9' | base64 -d flag: ctf"fetch_me_one_flag": true

Visiting http://skidrowcpygames.com/pass02 shows a very minimal page: