Introduction
It was 7:20 pm in my small city. I had just bought a new computer, so I was installing Kali and browsing Vulnhub for a cool and fast CTF.
I stumbled upon a CTF called DEFCON Toronto: Galahad. Its difficulty was rated easy, so I guessed it was time for me to play a little.
Warning: EVERYTHING I’M TYPING AND TEACHING IS FOR EDUCATIONAL USE ONLY; I AM NOT RESPONSIBLE FOR ANY BAD USE OF THIS TUTORIAL. This part 1 covers how to get the flag on port 80.
Recon
We run an nmap scan to find the machine on the network:
Now we have the IP. The IP is 192.168.0.17.
As you can see, ports 22, 80 and 50000 are open. I think we all know what these ports are all about, but if you don't, I will explain them below.
Ports: Crash Course
Port 22: It is usually associated with SSH and SMTP, mostly used for file transport protocols and secure logins.
Port 80: It’s associated with TCP and mostly web development.
Port 50,000: It uses TCP and transmits data.
Getting Flag Port 80
So we have port 80 open, which means a web server is running on that IP. Let's go to http://192.168.0.17
We are greeted with this web page:
For the curious out there, the binary translates to:
Welcome
This is were the adventure begins -.-
DC416 Team
btw
no flag here ;(
Let's inspect the source:
Aha! We want that script, we really want that script. At first it is just spaghetti code, but I took the time to organize the code, so you can read it on my Github.
The code uses the Firefox API to print something on the console.
This little encryption is ROT-13:
ROT-13 Encrypted: synt1{z00ap4xr}
ROT-13 Decrypted: flag1{m00nc4ke}
We just obtained our first flag, congratulations!
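The ROT-13 step above can be reproduced in a few lines. This is an added example, not the challenge's script or the code from my Github: `findRot13Flags`, `FLAG_SHAPE` and `sampleScript` are hypothetical names, the sample source is constructed, and the use of `console.log` and the flag shape are assumptions based on the one flag shown here.

```javascript
// ROT-13 rotates each ASCII letter 13 places; digits, braces and other
// characters pass through unchanged, which is why "1{", "00", "4" and "}"
// look identical in the encoded and decoded strings. Applying it twice
// returns the original text, so the same function encodes and decodes.
function rot13(text) {
  return text.replace(/[A-Za-z]/g, (ch) => {
    const base = ch <= 'Z' ? 65 : 97; // char code of 'A' or 'a'
    return String.fromCharCode(((ch.charCodeAt(0) - base + 13) % 26) + base);
  });
}

// Assumed flag shape, generalized from the single flag in this write-up.
const FLAG_SHAPE = /^flag\d+\{[^{}\s]+\}$/;

// Extract quoted string literals from script source and return the ones
// whose ROT-13 decoding matches the flag shape.
function findRot13Flags(source) {
  const literals = source.match(/(["'])(?:(?!\1)[^\\\n]|\\.)*\1/g) || [];
  const hits = [];
  for (const lit of literals) {
    const encoded = lit.slice(1, -1); // drop the surrounding quotes
    const decoded = rot13(encoded);
    if (FLAG_SHAPE.test(decoded)) hits.push({ encoded, decoded });
  }
  return hits;
}

// Constructed sample: NOT the real script from the page, only a stand-in
// that logs the encoded string from this write-up to the console.
const sampleScript = `
  var greeting = "uryyb";
  function hint() { console.log('synt1{z00ap4xr}'); }
`;

console.log(findRot13Flags(sampleScript));
```

Because the transform has no key and is its own inverse, anything hidden this way in client-side code is readable by whoever views the source.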
Conclusion
This will be a series of 3 "walkthroughs". In each one I will show how I managed to get through this challenge. Feel free to discuss different solutions, or other ways of getting this file.
Thanks for reading and as always, never stop searching.
-Thirsty-Robot