Hacking DEFCON Toronto: Galahad - CTF - Part2

Introduction

Hi, I'm back again; it's a pleasure to be writing again for everyone on this website. A few days ago I got my hands on a CTF which I'm quite hooked on. So I came back and worked overnight because I also have some personal projects.

WARNING: EVERYTHING I’M TYPING AND TEACHING IS FOR EDUCATIONAL USE ONLY; I AM NOT RESPONSIBLE FOR ANY BAD USE OF THIS TUTORIAL.

Finding directories on port 80

I was wondering if this port had more directories, and apparently yep, it has more. I decided to run a uniscan, because it is pretty fast and easy.

As you can see, we have 3 directories, and I checked them one by one:

Icons

Actually, quite interesting.

Staff

So the staff directory is special; you are greeted with a homepage:

But as always (also, life advice), search deep into the bone of everything:

Holy sh*t, HOLY SHIT. I think it is a wordlist in base64 here, take a look:

Major breakthrough; you can find it on my GitHub. Maybe next post I will do a bruteforce on port 22, but with what username? Anyway, back to normal.

Admin

Admin has this:

Now let’s download…

The .pyc sitcom

So our download gave us this file:

A compiled Python file, nothing new. We can use the following command with a cool tool.

We convert the .pyc to .py or, at least, a “readable” language. It gave us this file:

Yeah, cool challenge. So I investigated a little, and DEFCON CTFs have this kind of challenge all the time. It is not that hard but still a good challenge.

The number of underscores refers to a letter in the alphabet, for example:

_ : A
__ : B
___ : C

and so on.

So if we grab a notebook and start counting, our flag is:

flag4 {f0urd1g1tz}

Conclusion

Thank you so much for reading this second post; I really recommend reading the first one. I would love to hear your opinions on the wordlist file. I will investigate more and talk about this file in the next post I make. With nothing more to say...

Thanks for reading and as always, never stop searching.
-Thirsty-Robot
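
The underscore-count scheme described in the post (`_ : A`, `__ : B`, `___ : C`, and so on), as an added example that is not part of the original post or the challenge's own code. It assumes runs are separated by whitespace, that any token that is not a pure underscore run (digits, braces) is kept literally, and that letters decode to upper case; the function names and the sample string are constructed for illustration.

```python
import string

ALPHABET = string.ascii_uppercase  # run of 1 underscore -> 'A', run of 26 -> 'Z'


def decode_token(token: str) -> str:
    """Turn a pure underscore run into its letter; keep any other token as-is."""
    if token and set(token) == {"_"}:
        count = len(token)
        if count > len(ALPHABET):
            # More underscores than letters: the scheme has no mapping for this.
            raise ValueError(f"run of {count} underscores has no letter")
        return ALPHABET[count - 1]
    return token


def decode(text: str) -> str:
    """Decode whitespace-separated tokens (assumed separator) into plaintext."""
    return "".join(decode_token(tok) for tok in text.split())


def encode(plain: str) -> str:
    """Inverse of decode(), used here to build constructed test input."""
    tokens = []
    for ch in plain:
        if ch.isascii() and ch.isalpha():
            tokens.append("_" * (ALPHABET.index(ch.upper()) + 1))
        elif not ch.isspace():
            tokens.append(ch)  # digits and punctuation pass through literally
    return " ".join(tokens)


if __name__ == "__main__":
    # Constructed sample, not taken from the challenge file.
    sample = encode("CTF{4}")
    print(sample)
    print(decode(sample))
```

This replaces the notebook-and-counting step: paste the underscore runs from the decompiled file into `decode()` and check any run that raises `ValueError` by hand.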
