Another day, another challenge…
Today’s challenge will be on CTF Challenge #8 from InfoSec Institute.
Going to the following link
We see the following page.
We’re introduced with the downloading a file.
Doing our trick of right click, view page source we see the following:
We see the file that we need to download called “app.exe”
Downloading and opening the file we noticed that the application is the netstat command listing our network information.
Since our tricks does not work, we need to find a way to view the source of the application.
One option is to use the linux strings command.
The strings command allows you to find English words in file.
If you are working on a Windows machine (like I am) you can download the cygwin emulator which allows you to do simple Linux commands on a Windows machine.
To download cygwin go here.
Note: Make sure when downloading that you add the binutils package to import the strings command.
Copy the app.exe file into the cygwin directory (that you specified in your installation) so you navigate to that file.
After downloading cygwin, and using the strings command we see the following:
We found the flag – infosec_flagis_0x1a!
Lessons learned:
Again, our normal tricks of viewing the page source did not work. We noticed that when we executed the program that it was the netstat command getting information on our network. From there we decided that we would need to see the source of the application to see if the flag was hidden in there. Turns out it was. Overall lesson, be flexible with your tool belt and think outside of the box!
