Description for this challenge was:

This is how I solved VirusClicker

This is how we solved Forensics 150 :)

Forensics 100 (Keep Calm and CTF)

The clues given to us were the following.

A game that you can click to grow your grass! Neat! Well let us take a look around shall we? If you take a look at the source code under the premium section there is an interesting JS segment:

Here are the trivia answers:

Alexander Taylor - 100

As we navigate to http://challs.ctf.site:10000/hackersmarket/ we see a 'hackersmarket' where you can buy and sell exploits! Well, let us see if we can break in and steal the exploits ourselves shall we? :) As we navigate to the separate pages you can see the p parameter changing of the index.php file changing. The unconventional .tpl extension is being used to reference page content. This looks ripe for a local file inclusion attack! Typically this involves ../../../../../passwd which should be displayed, but inclusion of and ..\ appears to cause a redirect to the home page. Looking some more we see 1NULLo3KCSKeCZeDQc7ZxY8xcbYiDGrnbY for a bitcoin address. That NULL looks out of place, maybe a clue? Simply doing http://challs.ctf.site:10000/hackersmarket/index.php?p=index.php displays the page overlapped, so this indicates the code is being executed twice. If we look at the page source there is some PHP code:

Description given : IVFU662CIFJUKXZTGJPWG2DBNRWH2===
Dosent look base64, lets try base32
Flag: EKO{BASE_32_chall}

We are now live!! :)