usrv

CSAW CTF 2016 Quals Fuzyll (200) Writeup

Sep 18th, 2016
Fuzyll (200 Points)
-------------------

I probably solved this problem differently from everyone else, but hey, minimum effort ftw.

The problem directs us to the page http://fuzyll.com/files/csaw2016/start, which asks us for the form of colorblindness fuzyll has. A quick Google search for the forms of colorblindness leads us to http://fuzyll.com/files/csaw2016/deuteranomaly, which gives us an image of strawberries. Using exiftool, we are asked for the first DEF CON finals challenge fuzyll ever scored points on. At this point, I got lazy, and threw together a brute force script to find all pages on fuzyll's website that existed, in the form http://fuzyll.com/files/csaw2016/<word>, using a dictionary of over 300,000 English words (found here: https://github.com/dwyl/english-words). I let the script run overnight, and in the morning, discovered that /start, /deuteranomaly, /jade, and /tomato all existed. http://fuzyll.com/files/csaw2016/jade happened to be part 5 of 6 of the challenge, giving us an image of some Incan ruins (Wiñay Wayna) that I easily tracked down in Google. http://fuzyll.com/files/csaw2016/winaywayna gave us the flag.

flag: flag{WH4T_4_L0NG_4ND_STR4NG3_TRIP_IT_H45_B33N}
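
Seen from the server side, the overnight dictionary run described above shows up as one client producing a long run of 404s for single-word paths under one directory. The following is an added example, not part of the original paste, that flags that pattern in access logs; the Common Log Format layout, the thresholds, the client addresses and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Common Log Format: ip ident user [time] "METHOD path PROTO" status size
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD) (\S+) [^"]*" (\d{3}) ')

def find_path_guessers(lines, prefix, min_misses=20, min_miss_ratio=0.9):
    """Return {client_ip: (distinct_404s, distinct_200s)} for clients whose
    requests under `prefix` look like wordlist guessing of leaf names."""
    misses, hits = defaultdict(set), defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        ip, path, status = m.group(1), m.group(2), int(m.group(3))
        if not path.startswith(prefix):
            continue
        leaf = path[len(prefix):]
        if not leaf or "/" in leaf:
            continue  # only <prefix><word> requests are of interest
        if status == 404:
            misses[ip].add(leaf)
        elif status == 200:
            hits[ip].add(leaf)
    flagged = {}
    for ip, missed in misses.items():
        total = len(missed) + len(hits[ip])
        # Many distinct misses AND almost everything missing: a guessing run,
        # not a visitor who mistyped one answer.
        if len(missed) >= min_misses and len(missed) / total >= min_miss_ratio:
            flagged[ip] = (len(missed), len(hits[ip]))
    return flagged

def make_sample_log():
    """Constructed sample: one wordlist guesser and one ordinary visitor."""
    fmt = '{ip} - - [18/Sep/2016:02:00:00 +0000] "GET /files/csaw2016/{w} HTTP/1.1" {s} 512'
    existing = {"start", "deuteranomaly", "jade", "tomato"}
    words = ["word%03d" % i for i in range(40)] + sorted(existing)
    log = [fmt.format(ip="203.0.113.7", w=w, s=200 if w in existing else 404)
           for w in words]
    log += [fmt.format(ip="198.51.100.20", w=w, s=s)
            for w, s in [("start", 200), ("deuteranomly", 404), ("deuteranomaly", 200)]]
    return log

if __name__ == "__main__":
    print(find_path_guessers(make_sample_log(), "/files/csaw2016/"))
```

Rate limiting or temporary blocking keyed on the same miss counter turns this from detection into mitigation.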