Time Keeper

Using web.archive.org, we can see previous captures of a given site.

https://apporima.com/ has two captures, one on 9th May 2020, and another on 18th April 2020.

Seeing as this challenge appears to be themed around going back in time, 18th April seems far more interesting to us.

There is a blog post in the April capture, missing from the most recent version, which reads: "Today, I created my first CTF challenge. The flag can be found at forward slash flag dot txt."

If we visit https://apporima.com/flag.txt, we get a 404 message, but putting the URL in web.archive.org shows a capture in April which will give us the flag.

Flag: JCTF{the_wayback_machine}

Localghost

The flag is in the browser's local storage.

Flag: JCTF{spoooooky_ghosts_in_storage}

Agent-95

Change the User-Agent to "Mozilla/4.0 (compatible; MSIE 5.5; Windows 95; BCD2000)".

Flag: flag{user_agents_undercover}

Official business

Go to /robots.txt.

Look at the source code:

import binascii
import json

from flask import abort, render_template, request

def load_cookie():
    cookie = {}
    auth = request.cookies.get("auth")
    if auth:
        try:
            # The cookie is hex-encoded JSON.
            cookie = json.loads(binascii.unhexlify(auth).decode("utf8"))
            digest = cookie.pop("digest")  # raises KeyError if "digest" is absent

            if blah():#...performs check
                return False, {}
        except:
            # Any exception is swallowed and execution falls through.
            pass
    return True, cookie
#...more code...
def index():
    ok, cookie = load_cookie()
    if not ok: return abort(403)
    return render_template(
        "index.html",
        user=cookie.get("user", None),
        admin=cookie.get("admin", None),
        flag=FLAG)

So we just need the cookie to exist but raise an error inside the try block, so that the bare except swallows it and execution skips to the end.

I did this by not including the digest value in the cookie.

Reload the page and...

flag{did_this_even_pass_code_review}
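The bug in load_cookie is a fail-open verifier: the cookie is parsed before it is checked, and any exception is treated as success. The added example below (not the challenge's source) puts that control flow beside a fail-closed version; the HMAC-SHA512 check, SECRET_KEY and the encode_cookie helper are assumptions, since the page elides the real check.

```python
import binascii
import hashlib
import hmac
import json

SECRET_KEY = b"constructed-demo-key"  # assumption: placeholder, not the challenge's key

def _mac(fields):
    # Assumed check: HMAC-SHA512 over the canonical JSON of the remaining fields.
    body = json.dumps(fields, sort_keys=True).encode("utf8")
    return hmac.new(SECRET_KEY, body, hashlib.sha512).hexdigest()

def encode_cookie(fields, signed=True):
    # Hypothetical helper: builds the hex-encoded JSON cookie the loaders expect.
    data = dict(fields)
    if signed:
        data["digest"] = _mac(fields)
    return binascii.hexlify(json.dumps(data).encode("utf8")).decode("ascii")

def load_cookie_fail_open(auth):
    """Same control flow as the page's load_cookie: errors fall through to success."""
    cookie = {}
    if auth:
        try:
            cookie = json.loads(binascii.unhexlify(auth).decode("utf8"))
            digest = cookie.pop("digest")  # KeyError when the field is absent
            if not hmac.compare_digest(digest, _mac(cookie)):
                return False, {}
        except Exception:
            pass  # the bug: cookie is already populated and was never verified
    return True, cookie

def load_cookie_fail_closed(auth):
    """Hardened: no claim from the cookie is returned unless the MAC verifies."""
    if not auth:
        return True, {}  # anonymous visitor, no claims
    try:
        claims = json.loads(binascii.unhexlify(auth).decode("utf8"))
        digest = claims.pop("digest")
        if not isinstance(digest, str) or not hmac.compare_digest(digest, _mac(claims)):
            return False, {}
    except (ValueError, KeyError, AttributeError, TypeError):
        return False, {}  # malformed or unsigned cookie is rejected, not ignored
    return True, claims
```

The two loaders differ only in what an exception means: in the hardened one every parse or lookup failure maps to rejection, and the parsed claims never leave the function before the comparison succeeds.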

Web

PHPPhoneBook

This challenge uses an LFI vulnerability.

Use the base64 filter to read phonebook.php. If $_POST($emergency) is set we get the flag, so POST and

flag = {phon3_numb3r_3xtr4ct3d}