Introduction
It was 7:20 pm in my small city. I had just bought a new computer, so I was installing Kali and browsing Vulnhub for a cool and fast CTF.
I stumbled upon a CTF called DEFCON Toronto: Galahad. Its difficulty was rated easy, so I guessed it was time for me to play a little.
Warning: EVERYTHING I’M TYPING AND TEACHING IS FOR EDUCATIONAL USE ONLY; I AM NOT RESPONSIBLE FOR ANY BAD USE OF THIS TUTORIAL. This part 1 will cover how to get the flag on port 80.
Recon
We execute an nmap scan to find the machine on the network:
Now we have the IP. The IP is 192.168.0.17
As you can see, we have ports 22, 80 and 50000 open. I think we all know what these ports are all about, but if you don't, I will explain them below.
Ports: Crash Course
Port 22: It's usually associated with SSH and SMTP, mostly used for file transport protocols and secure logins.
Port 80: It’s associated with TCP and mostly web development.
Port 50,000: It uses TCP and transmits data.
Getting Flag Port 80
So we have port 80 open, which means we have a web server running on that IP. So let's go to http://192.168.0.17
![](upload://imUBChcEhLU9zOYeZBMXH4RrHFn.png "source: imgur.com")
We are greeted with this web page:
![](upload://8kvBWFNAVlnQykKpC6Rrkh5HM8n.jpeg "source: imgur.com")
For the curious out there, the binary translates to:
Welcome
This is were the adventure begins -.-
DC416 Team
btw
no flag here ;(
Let's inspect the source:
![](upload://2jufMQBOdW1I2MCsnzGkD7aoR45.png "source: imgur.com")
Aha! We want that script, we really want that script. At first it is just spaghetti code, but I took the time to organize the code, so you can read it on my Github.
![](upload://k1BHj0DjSPJLOx64hTCP0jtFNRP.png "source: imgur.com")
The code uses the Firefox API to print something on the console.
![](upload://ek8J8Ym8lT8sZZl1HbOG67RdYrs.png "source: imgur.com")
This little encryption is ROT-13:
ROT-13 Encrypted: synt1{z00ap4xr}
ROT-13 Decrypted: flag1{m00nc4ke}
We just obtained our first flag, congratulations!
Conclusion
This will be a series of 3 "walkthroughs". In each one I will explain how I managed to get through this challenge. Feel free to discuss different solutions, or ways of getting this file.
Thanks for reading and as always, never stop searching.
-Thirsty-Robot
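The ROT-13 step from the port 80 flag above, as an added example that is not part of the original post and is not the challenge's script or the code on the author's Github. The helper `findRot13Flags` and the `sampleScript` text are hypothetical, constructed for illustration; only the encoded and decoded flag strings come from the write-up.

```javascript
// Added example: ROT13 decoding of the string recovered from the page's script.
// ROT13 rotates only A-Z / a-z by 13 places; digits and braces pass through,
// which is why "1", "00", "4" and "{}" look identical in both forms.
function rot13(text) {
  return text.replace(/[A-Za-z]/g, (ch) => {
    const base = ch <= 'Z' ? 65 : 97; // char code of 'A' or 'a'
    return String.fromCharCode(((ch.charCodeAt(0) - base + 13) % 26) + base);
  });
}

// Hypothetical helper: scan arbitrary text for tokens shaped like word{...}
// and keep only those whose ROT13 form starts with "flag".
function findRot13Flags(source) {
  const candidates = source.match(/[A-Za-z0-9]+\{[^{}\s]*\}/g) || [];
  return candidates
    .map((token) => ({ encoded: token, decoded: rot13(token) }))
    .filter((hit) => hit.decoded.toLowerCase().startsWith('flag'));
}

// Constructed sample input: a console call carrying the encoded value from
// the write-up, next to an unrelated token that must not be reported.
const sampleScript = `
  var banner = "welcome{guest}";
  console.log("synt1{z00ap4xr}");
`;

console.log(rot13('synt1{z00ap4xr}'));
console.log(findRot13Flags(sampleScript));
```

Because 13 is half of 26, applying `rot13` twice returns the original text, so the same function encodes and decodes.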