In cybersecurity, a Capture The Flag (CTF) competition is where participants solve various security challenges to capture hidden "flags" or pieces of information. CTFs are fun, practical learning experiences that simulate real-world cybersecurity scenarios. Within this lesson, you will have the opportunity to find "flags" by locating specific information using the View Page Source feature as well as other features that you will learn about. A flag is a secret word hidden somewhere on the site. Here is an example:
Keep track of all the flags you find!
Good luck!
Did you know that you can see the underlying programming code of any web page? Could this be a potential risk? Could cybercriminals use this in a malicious way?
The "view page source" option on a browser allows you to view the HTML, CSS, and JavaScript code that is being used to display the content you see. This option lets you peek behind the scenes and see the actual code that makes up the webpage!
It's a handy tool for understanding how different elements on a page are structured and styled, but could this be a potential risk? What important information might be stored in the code of a webpage?
In this activity, you will find four flags (and an optional bonus flag) hidden somewhere within the website. Each flag will include a word. Keep track of the words.
Open the site in a new tab: Capture the Flag Site
1. The first flag is hidden in the site's source code. Use the View Page Source feature to find it. If your right-click is disabled, copy and paste this into your web browser: view-source:https://capturetheflag-8785761.codehs.me/index.html
2. In the source code, there is a style.css file. Search this file for the second flag. Take note of the web address of this file. How is it different than the original website?
3. In the source code, there is also a script.js file. Search this file for the third flag. Look at the web address here as well. What is the only part of the address that is different in each file?
4. Lastly, there is another file that is NOT listed on the website or in the source code. You can only access this file by typing it in the web address bar. To find this file, unscramble the following word and place it in the web address in the format shown:
https://capturetheflag-8785761.codehs.me/___________.txt
5. Advanced Bonus Flag (Optional): Right-click on the image of the cat and save the file to your desktop. Open the file with a text editor (either Notepad on a Windows computer or TextEdit on a Mac). Find the bonus flag!
In this activity, you will explore the console using the developer tools to find two flags!
If your developer tools are disabled, click on this link to complete a similar activity: Simulated Console
1. Warning messages and errors are listed in the console. Why might the developer of the website be interested in knowing these?
2. Why might a cyber criminal be interested in knowing a website's errors?
In this activity, you will explore local storage using the developer tools to find one more flag!
If your developer tools are disabled, click on this link to complete a similar activity: Simulated Local Storage
1. What could be a risk of keeping information in local storage?
2. How could you ensure that the information stored in local storage is secure?
