SpookyCTF 2023

4 min readOct 29, 2023

This was easy to find using Google images. You can read more about it HERE.

The article I linked also has an exact street address for the mural. But trying to format it correctly for the flag was actually the hardest part about the whole challenge.

NICC{950_24th_St_NW_Washington_DC}

I started by typing “snowy court Washington DC” in Google and I found this, which just happened to be right near the mural in the previous challenge:

If you open this area in Google maps, you can see there is a street nearby called Queen Annes Ln, and then a hotel called “The River Inn” very close by.

It has a restaurant called “Matera Italian Restaurant & Bar”.

NICC{The-River-Inn_Matera}

You get a PCAP file to examine. I did a search for the “NICC” string:

On package 2182 you can see that the username was passed in a POST request using HTTP.

NICC{h77p_15_1n53cur3}

You can use exiftool to see the GPS coordinates where the photo was taken, and the date/time above that:

I put the coordinates in Google and found this:

NICC{The_Anchored_Inn-03:47:12}

I’m sure there was a more elegant solution here, but I just opened it with notepad and did Ctrl+F for “NICC”.

This was the search I used, and the first result seemed to be what I was looking for:

It’s from Florida also.

But I tried both the publication number and Patent number and neither of those worked.

I kept searching around for various numbers to try. Eventually I found the correct format in the search results on the official US Patent website.

NICC{US-20220371752-A1}

I used CyberChef to quickly convert from Base64 and then saved the output as a .jpg file, which revealed the flag.

NICC{just_chillin}

I clicked on the “Learn More” button and got the first bit of the flag:

The second one was the absolute hardest to find, but it was in the bootstrap.css file. Which I didn’t even bother looking in for the first hour or so, because why would I?

I only found this with like 10 minutes left in the CTF.