In today’s challenge we will solve level 3 from the Natas wargame. Let’s begin.
Going to the following link, and entering the username of “natas3” and password we retrieved from the second challenge we see:
Password from level 2:
Pressing Enter we see:
Doing a right click, view source we see:
Hmm… we have a hint. “No more information leaks!! Not even Google will find it this time…”
Knowing a thing or two about how Google indexes websites, I know that some websites use a robots.txt file. Let’s see if this website is using that.
Entering “robots.txt” at the end of the URL we see:
OK – the first parameter user-agent specifies that any agent is allowed. We’re disallowing the /s3cr3t/ folder. Let’s go to this folder and see what’s there…
Entering the /s3cret/ folder we see:
Hmm… there’s a users.txt file. Let’s see what’s there.
We’ve acquired the password for level 2 from the level 1 challenge (screenshot below):
Entering the username of “natas2” and password from the above screenshot we see the following:
Nothing on the page, eh… I don’t believe that.
Let’s try, right click view source and see what we get.
We notice there’s an image source of a pixel.
Clicking this link we see:
It truly is just a pixel. What if we remove the “pixel.png”? Maybe there are other files on the system. Let’s try it.
Removing the “pixel.png” and pressing Enter we see:
We see an extra file – users.txt. I wonder what’s in it.
Clicking users.txt, we noticed that it lists the different username and passwords. The one we want is the fourth row – natas3. We’ve found natas3 password!
In today’s blog post we’re going to solve the “A Thing Called A Stack” challenge from PicoCTF.
Let’s get started.
Clicking on the challenge, we see the following:
OK, so we’re given a file, and we need to determine the difference between the value of esp at the end of the code, and the location of the saved return address.
Looking at the hints we see the following:
We’ve encountered two different questions. Where is the return address saved, and what commands actually affect the stack.
DISCLAIMER: I haven’t worked with assembly in probably 8 years. So, what did I do? Go to YouTube.
Entering – “Assembly tutorial” I found a GREAT crash course on explaining assembly.
Today’s blog post we will solving the “Special Agent User” challenge in the PicoCTF.
Let’s get started.
Clicking on the challenge we see:
We have another pcap (packet capture file) and we need to find the User Agent. OK. Sounds plausible. Let’s look at the hints.
There’s a link that discuss more about user-agents. Let’s go to that link.
Opening that link we see the following:
The web page explains the different components of the User-String. This will be useful.
Opening the packet capture file we notice the usual stuff UDP, and ICMP packets. And like with the first “Digital Camouflage” challenge we can ignore this.
User-Agent strings are found in HTTP requests. We need to look at packet captures for just HTTP requests.
Doing this we see a packet that’s piqued our interest…
On packet 80 (GET / HTTP/1.1) we’ll do a right click, Follow, HTTP stream.
Doing this we have the following:
Looking at the last entry in the user agent, we can see that the packet is using Firefox 25. Entering that as the flag, we’ve acquired 50 points!
Today’s blog post is solving the, “Meta Find Me” challenge within PicoCTF.
Let’s get started.
Clicking on the challenge we see:
OK, we need to find meta data inside of an image. Let’s see what the hints give us.
We need to answer the question of how location is stored in imaged. Look like Google will once again be our friend đŸ™‚
After downloading the image, and doing a Google search of, “GPS info on photos” we’re presented with the following link.
Reading the link (which is from How-To-Geek) we learn that if we look at the properties of a image it will give the GPS coordinates.
OK, that’s a start.
While continuing reading the article we notice that with these type of images there’s an embedded EXIF data in the image.
Let’s try a Google search of “EXIF GPS decrypter” and see if we can view the embedded EXIF data for our image.
Doing that Google search we’re presented with the following link.
Going to that link, and uploading our image and click the “view EXIF” button we’re presented with the following:
Looking at the comment we see that part of the flag is present, we need to find the latitude and longitude. Luckily that’s presented above the comment.
Today’s blog post will be solving the “Hash101” challenge from the PicoCTF.
Let’s get started.
Clicking on the challenge we see…
OK we need to hashes to claim our flag. Let’s see what the hints say.
Looking at the hints Google will be our friend đŸ™‚
Connecting to the server we see:
We need to convert the binary to ASCII text.
Doing a Google search of, “binary to ASCII text converter” search we get the following website.
Going there, we see:
Changing the binary to the binary in the challenge we get:
The text we’re looking for is “peace” entering this in we are now in the second level of the challenge.
We need to find the hex value of our word, peace. Going back to the link referenced above, we see that the hex is referenced.
Entering that we now need to enter the decimal equivalent. For this, going back to Google and entering “hex to decimal converter” we get the following link.
Clicking the link we see:
Entering the hex value we get the following decimal value.
Entering that into the challenge we get the following:
Going to the third level we see:
Reading the description one might ask, what are we looking for?
Remember from the first level of the challenge where we need to find the ASCII text?
Doing a Google search of, “ASCII table” we find the following link.
Opening the link we see the ASCII equivalent of the letters.
We need to find a string that when doing the modulo of base 16 we get a number of 10.
One might wonder… what is modulo?
The modulo is the remainder of a division equation.
We know that we are dividing by 16 and the modulo (remainder) needs to be 10.
One way to achieve this is to find any multiple of 16 and add 10.
Why multiple of 16? Doing a multiple of 16 if we did a modulo of that the modulo would be 0 (as there is no remainder).
Doing this I was able to do the following:
Entering 4, we had a module of 4 and not 10.
Entering the string of “:” we were able to complete the level. Why? “:” in ASCII is 58. How did we get 58? 16 * 3 = 48 + 10 = 58. We’re adding 10 because we know we need a remainder of 10.
Moving to level 4 we see:
Doing another Google search of, “MD5 decrypter” we get the following link.
Clicking the link and entering the md5 hash, we get the following:
Entering this the level we see:
Entering this flag into the input box we’ve acquired 50 points!
You must be logged in to post a comment.