Securinets CTF Quals 2019 Misc HIDDEN

HIDDEN

My friend asked me to find his hidden flag in this link .. Can you help me?

Link

Linkを開くとなんかエラーが出てる。

f:id:Yunolay:20190325100551p:plain

一応、仮想から例外追加して中身見たけどflag is hereみたいなことが書いてあったと思う。

~ ᐅ curl -v https://misc1.ctfsecurinets.com/
*   Trying 54.37.10.51...
* Connected to misc1.ctfsecurinets.com (54.37.10.51) port 443 (#0)
* found 148 certificates in /etc/ssl/certs/ca-certificates.crt
* found 592 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_RSA_AES_256_GCM_SHA384
* server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
* Closing connection 0
curl: (60) server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.
~ ᐅ curl -vk https://misc1.ctfsecurinets.com/
*   Trying 54.37.10.51...
* Connected to misc1.ctfsecurinets.com (54.37.10.51) port 443 (#0)
* found 148 certificates in /etc/ssl/certs/ca-certificates.crt
* found 592 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_RSA_AES_256_GCM_SHA384
*        server certificate verification SKIPPED
*        server certificate status verification SKIPPED
*        common name: ctfsecurinets.com (does not match 'misc1.ctfsecurinets.com')
*        server certificate expiration date OK
*        server certificate activation date OK
*        certificate public key: RSA
*        certificate version: #3
*        subject: C=TN,ST=Tunisia,L=Tunis,O=Securinets{HiDDeN_D@tA_In_S3lF_S3iGnEd_CeRtifICates},CN=ctfsecurinets.com,EMAIL=challenge@securinets.com
*        start date: Wed, 20 Mar 2019 21:36:46 GMT
*        expire date: Thu, 19 Mar 2020 21:36:46 GMT
*        issuer: C=TN,ST=Tunisia,L=Tunis,O=Securinets{HiDDeN_D@tA_In_S3lF_S3iGnEd_CeRtifICates},CN=ctfsecurinets.com,EMAIL=challenge@securinets.com
*        compression: NULL
* ALPN, server accepted to use http/1.1
> GET / HTTP/1.1
> Host: misc1.ctfsecurinets.com
> User-Agent: curl/7.47.0
> Accept: */*
>
< HTTP/1.1 200 OK
< Server: nginx/1.10.3 (Ubuntu)
< Date: Mon, 25 Mar 2019 01:09:55 GMT
< Content-Type: text/html; charset=UTF-8
< Transfer-Encoding: chunked
< Connection: keep-alive
<
Flag is somewhere here
* Connection #0 to host misc1.ctfsecurinets.com left intact

curlのエラー出てたから無視したらフラグあった。 オレオレ証明書かなんか使ってたからエラー出てたっぽい。詳しいことはわかりません;

FLAG : Securinets{HiDDeN_D@tA_In_S3lF_S3iGnEd_CeRtifICates}