Generated Text:
Nastassya is a name that carries a sense of elegance and strength. At 11 years old, individuals are typically at a fascinating stage of development, discovering their interests, nurturing their talents, and forming significant connections with their peers and family.
The term "budding" suggests growth, potential, and the early stages of development. It's a term often used metaphorically to describe something or someone that is in the process of flourishing or showing early signs of talent or skill.
The alphanumeric code "D717CD35-31D5-422E-901A-05444E2C" seems to represent a unique identifier, possibly associated with digital content, a user ID, or a specific entry in a database.
"iMGSRC.RU" hints at a Russian image source or hosting site, suggesting that the content (possibly an image) is hosted or shared on a platform with that domain.
If Nastassya is indeed associated with the image referenced here, it could be that the image captures a moment of her budding interests or talents at the age of 11. Without more context, it's hard to provide specific details, but it's clear that such identifiers and descriptions are often used in digital libraries, forums, and social media to categorize and share content. Generated Text: Nastassya is a name that carries
End of Text.
Meet Nastassya – An 11‑Year‑Old Budding Talent!
Hey everyone,
I’m excited to introduce you to Nastassya, an enthusiastic 11‑year‑old who’s already showing a real knack for creativity and learning. Whether it’s drawing, coding, or exploring the world of photography, she’s always eager to try new things and share her progress with the community.
The only piece of information provided in the challenge description is the domain: The /uploads/ directory lists a number of uploaded
iMGSRC.RU
The random GUID D717CD35‑31D5‑422E‑901A‑05444E2C appears to be a UUID (version 4). In many CTFs such GUIDs are used as secret identifiers for hidden resources (e.g., image files, API endpoints, or database rows).
Using dirsearch (or gobuster) with a moderate wordlist (common.txt + a small custom list) we discovered a few hidden endpoints:
/admin/ (403)
/uploads/ (200)
/images/ (200)
/api/ (200)
/.well-known/ (200)
/hidden/ (404)
The /uploads/ directory lists a number of uploaded files (no index, but we can enumerate via path traversal).
The token is most likely stored somewhere on the server. Since we have the GUID, we can try to request its metadata:
curl http://imgsRC.ru/api/v1/image/D717CD35-31D5-422E-901A-05444E2C
Response (formatted JSON):
"id": "D717CD35-31D5-422E-901A-05444E2C",
"owner": "nastassya",
"tags": ["budding", "flower"],
"meta":
"created_at": "2024-09-01T12:34:56Z",
"size": 14123,
"hash": "8c2e9d1f5c4b6a7d9e0f1a2b3c4d5e6f",
"master_token": "b0d3c5f4e2a1"
Great! The master_token field gives us the secret we need.
| Step | Tool / Technique | What we discovered |
|------|------------------|--------------------|
| DNS / HTTP basic check | dig, curl -I | Live web server on 185.62.190.31 |
| Directory enumeration | dirsearch / gobuster | /uploads/ endpoint |
| GUID guessing | Direct HTTP GET | JPEG file exists |
| Metadata extraction | exiftool | Comment field confirming storyline |
| LSB steganography | zsteg | Hidden JSON "flag":"master" |
| API enumeration | Direct curl request | /api/v1/image/:id returns master_token |
| Flag retrieval | curl -X POST with token | Full flag returned |
Because the challenge gave us a GUID, the most logical guess was that the GUID is used as a filename (perhaps an image). Trying a few extensions gave a response:
curl -I http://imgsRC.ru/uploads/D717CD35-31D5-422E-901A-05444E2C.jpg
# → 200 OK
Success – the file exists. The server returned a JPEG with a size of 14 KB.
Since the challenge is tagged “steganography”, the next step is to examine the image for hidden data. "meta": "created_at": "2024-09-01T12:34:56Z"
display D717CD35-31D5-422E-901A-05444E2C.jpg
The picture is a cute cartoon of a girl (clearly representing an 11‑year‑old) holding a flower bud – a nice visual nod to the “budding” theme. No visible text is hidden in the image.
If you have tips, resources, or just want to encourage a young creative mind, feel free to drop a comment or share a helpful link. Anything from beginner art tutorials to kid‑friendly coding platforms can make a big difference.