We are given the website campfire-stories.hkn which looks like this:

We can write the beginning of a story and the AI will continue it for us.

Looking at robots.txt we get:

# https://www.robotstxt.org/robotstxt.html
# Maybe we should not train on company data?
# Could our ftp credentials be leaked by the AI?
# Probably not a problem. Nobody writes stories about ftp anyway
# datacenter.campfire-stories.hkn should still be safe right?
User-agent: *
Disallow: /
Allow: /$
Allow: /share/*
Allow: /images/*
Allow: /static/*

Which seems to suggest that the AI bot can leak the ftp credentials, so let’s try:

Convert Z3B0OTAwMA== from base64 gives us gpt9000, so lets login to datacenter.campfire-stories.hkn and get the file:

$ ftp datacenter.campfire-stories.hkn
Connected to datacenter.campfire-stories.hkn.
220 pyftpdlib 1.5.9 ready.
Name (datacenter.campfire-stories.hkn:haaukins): admin
331 Username ok, send password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
229 Entering extended passive mode (|||21011|).
125 Data connection already open. Transfer starting.
-rw-rw-rw-   1 root     root     22502646 Jan 09 08:25 train.txt
226 Transfer complete.
ftp> get train.txt
local: train.txt remote: train.txt
229 Entering extended passive mode (|||21003|).
125 Data connection already open. Transfer starting.
100% |***********************************| 21975 KiB   98.79 MiB/s    00:00 ETA
226 Transfer complete.
22502646 bytes received in 00:00 (98.62 MiB/s)
ftp> exit
221 Goodbye.

$ grep "DDC{" train.txt
DDC{Im-happy-Dave-I-see-you-found-the-flag}