First up, I visited the URL mentionned in the challenge description. It returned this : `[513, '71'] 4O48APmBiNJhZBfTWMzD` Also, the URL changes to : http://167.71.246.232:8080/rabbit_hole.php?page=cE4g5bWZtYCuovEgYSO1. Interesting! Since the challenge is called “Follow the Rabbit Hole”, I’ve tried “following” the page using the code provided so I used the link : `?page=4O48APmBiNJhZBfTWMzD` This brings us to another page with the same set of data (an array with a number & what appears to be HEX). So let’s automate this process because I don’t know how far the rabbit hole goes. I’ve played around with different versions of a Python script to fetch the data but I finally used : ``` import requests import csv url = "http://167.71.246.232:8080/rabbit_hole.php?page=" page = "cE4g5bWZtYCuovEgYSO1" response = requests.request("GET", f"{url}{page}") with open('C:\\\Users\\\Bib\\\Downloads\\\rabbit_hole.csv', 'w', newline='') as csvfile: rabbit_csv = csv.writer(csvfile, delimiter=';', quotechar='|', quoting=csv.QUOTE_MINIMAL) while response.text != 'end': try: print(f"Following the rabbit hole... Page : {page}") response = requests.request("GET", f"{url}{page}") page_split = response.text.split() first_number = page_split[0].replace("[","").replace(",","") second_number = page_split[1].split("\'")[1] array = [first_number, second_number] rabbit_csv.writerow(array) page = page_split[2] except: print("Script end.") ``` So basically, I went all the way down the rabbit hole and fetched all data inside a CSV file. Then I sorted the data using the first number as an index. ![](https://0x90skids.com/tenable-ctf-writeup/images/tenable- ctf/rabbit_hole_csv_1.png) Fig 1. Sample of raw CSV file ![](https://0x90skids.com/tenable-ctf-writeup/images/tenable- ctf/rabbit_hole_csv_2.png) Fig 2. Sample of sorted CSV file After the data was sorted, I made a huge string with the HEX values and passed that to an HEX to ASCII converter. It gave me garbage data but I was able to see the header PNG. Instead, I re-ran the converter to a PNG file : ![](https://0x90skids.com/tenable-ctf-writeup/images/tenable- ctf/rabbit_hole_flag.png) Bingo! Challenge solved! Pretty interesting challenge :) `flag{automation_is_handy}` Original writeup (https://0x90skids.com/tenable-ctf-writeup/#follow-the- rabbit-hole).