Introduction
Hi I'm back again, a plesure to be writing again for everyone on this website. A few days ago I got my hands into a CTF which I'm quite hook on. So I came back and worked overnight because I have also some personal projects.WARNING: EVERYTHING I’M TYPING AND TEACHING IT’S JUST FOR EDUCATIONAL USE ONLY, NOT RESPONSABLE OF ANY BAD USE OF THIS TUTORIAL.
Finding directories on port 80
I was wondering if this port had more directories, and apparently yep, it has more. I decided to run a uniscan, because it is preatty fast and easy.
As you see we have 3 directories and I checked them one by one:
Icons
Actually, quite interesting.
Staff
So the staff directory is special, you are received with a homepage:
But as always (also, life advice), search deep into the bone of everything:
Holy sh*t, HOLY SHIT. I think it is a wordlist on base-64 here, take a look:
Major breakthrough, you can find it on my Github. Maybe next post I will do a bruteforce on port 22, but, with what username? Anyway, back to normal.
Admin
Admin has this;
Now let’s download…
The .pyc sitcom
So our download gave us this file:
A python compiled file, nothing new. We can use the following command with a cool tool.
We convert the .pyc to .py or, at least “readable” language. it gave us this file:
Yea, cool challenge. So I investigated a little and DEFCON CTF’s have this kind of challenges all the time. It is not that hard but still a good challenge.
The number of under-scores refer to a letter in the alphaber, example:
_ : A
__ : B
___ : C
and so on.
So if we grab a notebook and start counting, our flag is:
flag4 {f0urd1g1tz}
Conclusion
Thank you so much for reading this second post, I really recommend reading the first one. I will love to head your opinions in the wordlist file, I will investigate more, and talk about this file on the next post I make. With anything to say...Thanks for reading and as always, never stop searching.
-Thirsty-Robot