IntroductionHi I'm back again, a plesure to be writing again for everyone on this website. A few days ago I got my hands into a CTF which I'm quite hook on. So I came back and worked overnight because I have also some personal projects.
WARNING: EVERYTHING I’M TYPING AND TEACHING IT’S JUST FOR EDUCATIONAL USE ONLY, NOT RESPONSABLE OF ANY BAD USE OF THIS TUTORIAL.
Finding directories on port 80I was wondering if this port had more directories, and apparently yep, it has more. I decided to run a uniscan, because it is preatty fast and easy.
As you see we have 3 directories and I checked them one by one:
Actually, quite interesting.
StaffSo the staff directory is special, you are received with a homepage:
But as always (also, life advice), search deep into the bone of everything:
Holy sh*t, HOLY SHIT. I think it is a wordlist on base-64 here, take a look:
Major breakthrough, you can find it on my Github. Maybe next post I will do a bruteforce on port 22, but, with what username? Anyway, back to normal.
Admin has this;
Now let’s download…
The .pyc sitcom
So our download gave us this file:
A python compiled file, nothing new. We can use the following command with a cool tool.
We convert the .pyc to .py or, at least “readable” language. it gave us this file:
Yea, cool challenge. So I investigated a little and DEFCON CTF’s have this kind of challenges all the time. It is not that hard but still a good challenge.
The number of under-scores refer to a letter in the alphaber, example:
_ : A
__ : B
___ : C
and so on.
So if we grab a notebook and start counting, our flag is:
ConclusionThank you so much for reading this second post, I really recommend reading the first one. I will love to head your opinions in the wordlist file, I will investigate more, and talk about this file on the next post I make. With anything to say...
Thanks for reading and as always, never stop searching.