Menu
Buy
Nearest Store:Use your current location
Menu
Basket

Booru.allthefallen.more Work -

boru_block_survive

UserComment : token=Ym9ydV9ibG9ja19zdXJ2aXZl

(often referred to as ATFBooru ) is a niche anime-centric image board and a major subdomain of the All The Fallen community. Functioning as a specialized "booru"—a community-driven archive—it allows users to upload, tag, and organize visual media with a primary focus on the " moe " aesthetic. booru.allthefallen.more

Running a quick DirBuster/ffuf scan against the root with a small wordlist ( common.txt ) uncovered a hidden endpoint:

Every image uploaded is assigned metadata tags (e.g., solo , blue_eyes , landscape , copyright_name ). This allows users to search for highly specific combinations of visual elements (e.g., searching blue_eyes + sword + forest yields only images containing all three). This system turned Booru sites into powerful archives for fan art, predominantly for anime and video game subcultures. This allows users to search for highly specific

# 5️⃣ Download the hidden image and read the flag from EXIF curl -s "$BASE$hidden" -o hidden.jpg flag=$(exiftool -UserComment hidden.jpg | awk -F': ' 'print $2') echo "[+] Flag: $flag"

In the context of Booru URL structures and user search habits, terms like .more or more generally signify a user’s intent to access extended or uncategorized content. The landing page displayed a list of thumbnails

The landing page displayed a list of thumbnails and a search box. No obvious “flag” was visible, but the title “more” hinted that there was “something more” hidden behind the interface.

The homepage ( / ) returned a simple HTML page that loaded JavaScript from /static/app.js and a handful of images from /static/img/ . The page source revealed a hidden comment:

| Technique | Why it mattered | |-----------|-----------------| | (ffuf/DirBuster) | Discovered the hidden /more endpoint. | | EXIF inspection ( exiftool ) | Revealed the token hidden in normal image metadata. | | Base64 decoding | Turned the encoded token into a usable string. | | Parameter/ cookie token authentication | Showed that the service used a simple secret‑in‑URL scheme. | | Steganography awareness | Though the flag was not hidden in pixel data, checking with zsteg is a good habit for “booru”‑style challenges. |