WEBVERSE

easy · Reconnaissance · Pro

Dog Ear

A solo founder's "second brain" — pages, tasks, journals. The static export she pushed to the web carries a stray bit of operating-system housekeeping that names files she never linked.

The Scenario

Dog Ear is a personal-workspace app built by Cora Brandt. She exports the whole workspace to static HTML for her marketing site so prospects can see real screens instead of stock images. The export was done from a Mac. Something in the static folder remembers every file that sat next to it.

Challenge Intel

Synopsis

A .DS_Store left behind in /static/ enumerates filenames including an unlinked staff-roster.json that holds the flag.

What It Is

macOS creates a .DS_Store file in every folder Finder touches. It is a binary index of the directory's contents (filenames, view options, thumbnail metadata). When the workspace was exported and rsync'd to the web server, the .DS_Store rode along. /static/.DS_Store is served as-is. Running `strings` (or the `ds_store` Python lib) over it reveals filenames in the directory, including `_internal/staff-roster.json` which is also served and contains the flag in its `notes` field.

Who It's For

Players who know that OS metadata files leak filenames but haven't yet pulled one off a real site and read it.

Skills You'll Practice

  • Identifying .DS_Store / Thumbs.db on a target
  • Parsing .DS_Store to enumerate sibling filenames

What You'll Gain

  • A reflex to always check /.DS_Store on Mac-built static sites
  • Understanding why your CDN config should block OS cruft by default
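
A pre-deploy check for the leak described under "What It Is", as an added example that is not part of the challenge or of the Dog Ear export: it walks an export folder, flags .DS_Store / Thumbs.db, and lists the UTF-16BE names a .DS_Store would expose. The sample blob, the name index.html, and every function name here are constructed for illustration, and the record layout is simplified rather than a complete .DS_Store.

```python
import os
import re
import struct
import tempfile

OS_CRUFT = {".DS_Store", "Thumbs.db"}  # the metadata files this page names
# .DS_Store stores filenames as UTF-16BE; match runs of 4+ printable ASCII
# characters in that encoding (a heuristic, similar to `strings -e b`).
UTF16BE_RUN = re.compile(rb"(?:\x00[\x20-\x7e]){4,}")

def leaked_names(blob: bytes) -> list:
    """Distinct UTF-16BE strings found in a .DS_Store blob, in file order."""
    found = (m.group().decode("utf-16-be") for m in UTF16BE_RUN.finditer(blob))
    return list(dict.fromkeys(found))  # de-duplicate, keep first-seen order

def audit_export(root: str) -> dict:
    """Map each OS metadata file under root to the names it would expose."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(set(files) & OS_CRUFT):
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                blob = fh.read()
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            findings[rel] = leaked_names(blob) if name == ".DS_Store" else []
    return findings

def constructed_ds_store(names) -> bytes:
    """Constructed sample: simplified records, not a complete .DS_Store."""
    out = b"\x00\x00\x00\x01Bud1"
    for n in names:
        out += struct.pack(">I", len(n)) + n.encode("utf-16-be")
        out += b"Ilocblob" + struct.pack(">I", 16) + bytes(16)
    return out

def demo() -> dict:
    """Build a throwaway export tree and audit it before it is published."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "static"))
        with open(os.path.join(root, "static", ".DS_Store"), "wb") as fh:
            fh.write(constructed_ds_store(["index.html", "staff-roster.json"]))
        return audit_export(root)

if __name__ == "__main__":
    for path, names in demo().items():
        print(f"BLOCK DEPLOY: {path} exposes {names}")
```

Any non-empty result from `audit_export` is a reason to fail the publish step and strip the files from the export before it is synced.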
