The task didn’t provide us any link or file. So just picked up Live HTTP Headers and went throught the headers. There was an interesting one marked as x-flag: ASIS_b6b?244608c2?c2e869cb56?67b64?b1

Well, now we can see part of the flag but we miss 4 chars of it. So how to find them? Looking at the HTML source code of that page for the flag validation we can see an interesting sha256 hash which is “2b127c77074e44b6e74074b1eb8d32dfe27fe78e6a05e302baed68e2cc643ca1” that basically is the the flag sha256’d 2 times. Well that’s good enough, now just code a bruteforcer that guess the 4 chars and see ,after apply sha256 algorithm 2 times, if it equals to  2b127c77074e44b6e74074b1eb8d32dfe27fe78e6a05e302baed68e2cc643ca1.

Flag: ASIS_b6be244608c27c2e869cb56167b649b1