Hacking DEFCON Toronto: Galahad - CTF - Part1

pentesting

#1

Introduction

It was 7:20 pm in my small city. I had just bought a new computer, so I was installing Kali and browsing Vulnhub for a cool and fast CTF.

I stumbled upon a CTF called DEFCON Toronto: Galahad. Its difficulty was set to easy, so I guessed it was time for me to play a little.

Warning: EVERYTHING I’M TYPING AND TEACHING IS FOR EDUCATIONAL USE ONLY; I AM NOT RESPONSIBLE FOR ANY BAD USE OF THIS TUTORIAL. This part 1 will cover how to get the flag on port 80.

Recon

We execute an nmap scan to find the machine on the network:

Now we have the IP. The IP is 192.168.0.17

As you can see, we have ports 22, 80 and 50000 open. I think we all know what these ports are all about, but if you don't know I will explain them down here.

Ports: Crash Course

Port 22: It is usually associated with SSH and SMTP, mostly used for file transport protocols and secure logins.
Port 80: It’s associated with TCP and mostly web development.
Port 50,000: It uses TCP and transmits data.

Getting Flag Port 80

So we have port 80 open, which means we have a web server running on that IP. So let's go to http://192.168.0.17

We are greeted with this web page:

For the curious out there, the binary translates to:

Welcome

This is were the adventure begins -.-

DC416 Team

btw

no flag here ;(

Let's inspect the source:

Aha! We want that script, we really want that script. At first it is just spaghetti code, but I took the time to organize the code, so you can read it on my Github.

The code uses the Firefox API to print something on the console.

This little encryption is ROT-13:
ROT-13 Encrypted: synt1{z00ap4xr}
ROT-13 Decrypted: flag1{m00nc4ke}

We just obtained our first flag, congratulations!

Conclusion

This will be a series of 3 "walkthroughs". In each one I will show how I managed to get through this challenge. Feel free to discuss different solutions, or ways of getting this file.

Thanks for reading and as always, never stop searching.
-Thirsty-Robot
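
The ROT-13 step from the write-up above, as an added example that is not part of the original post or the challenge's own script. It shows why the digits and braces in the flag stay unchanged, and scans script source for `word{...}` tokens that decode to a flag; the function names, the token pattern and the sample source are assumptions constructed for illustration.

```javascript
// ROT13 only rotates A-Z and a-z by 13 places; digits, braces and other
// characters pass through, which is why "1", "00" and "4" survive unchanged.
function rot13(text) {
  return text.replace(/[A-Za-z]/g, (ch) => {
    const base = ch <= "Z" ? 65 : 97; // 'A' for upper case, 'a' for lower case
    return String.fromCharCode(((ch.charCodeAt(0) - base + 13) % 26) + base);
  });
}

// Find tokens shaped like word{...} in page source and keep only those
// whose ROT13 form looks like a flag (flag, optional digits, then "{").
function findRot13Flags(source) {
  const candidates = source.match(/[A-Za-z0-9]+\{[^{}\s]+\}/g) || [];
  return candidates
    .map((token) => ({ encoded: token, decoded: rot13(token) }))
    .filter((hit) => /^flag\d*\{/.test(hit.decoded));
}

// Constructed sample standing in for the page's script (not the real code).
const sampleSource = `
  var msg = "synt1{z00ap4xr}";
  function noop(){ return "abc{def}"; }
  console.log(msg);
`;

console.log(findRot13Flags(sampleSource));
```

Because ROT13 is its own inverse, the same `rot13` function both encodes and decodes.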


#2

Hey, nice writeup, looking forward to more! This was one of the funnier machines I did! What do you think about this machine?


#3

Thank you, I think it’s easy but hard enough for a beginner. I enjoy this type of challenge and moving a little away from the assembly stuff, because it hurts the eyes.