H4CK1T CTF 2016: Greenland – 7r0ubl3 (200 points)

Description

Наша сеть была скомпрометирована! Выясните к какой информации злоумышленники могли получить доступ.

Our network has been compromised! Find out what information hackers might gain access.

Solution

Attached was a .pcap file. An easy approach of getting any interesting files from the pcap is using the tool foremost. It carves the file by searching through the input file for any bytes that can be headers and footers of specific filetypes. Let’s try it out:

root@kali:~/h4ck1tctf/Greenland/solve# foremost data_cf55737d6d58cdede26323b468e2fcdc.pcap

1	root@kali:~/h4ck1tctf/Greenland/solve# foremost data_cf55737d6d58cdede26323b468e2fcdc.pcap

The output of the command I ran above will now be in the ./output directory. Below, you can see that directory contains a subdirectory for each of the filetypes foremost thinks to have found.

root@kali:~/h4ck1tctf/Greenland/solve# cd output
root@kali:~/h4ck1tctf/Greenland/solve/output# ls
audit.txt  gif  htm  zip

root@kali:~/h4ck1tctf/Greenland/solve# cd output

root@kali:~/h4ck1tctf/Greenland/solve/output# ls

audit.txt gif htm zip

Let’s go to the zip directory, which I know is the one we are looking for right now, and look at its contents.

root@kali:~/h4ck1tctf/Greenland/solve/output# cd zip
root@kali:~/h4ck1tctf/Greenland/solve/output/zip# ls
00002073.zip

root@kali:~/h4ck1tctf/Greenland/solve/output# cd zip

root@kali:~/h4ck1tctf/Greenland/solve/output/zip# ls

00002073.zip

There appears to be a ZIP archive, which we will of course try to extract.

root@kali:~/h4ck1tctf/Greenland/solve/output/zip# unzip 00002073.zip
Archive:  00002073.zip
  inflating: secret.tar

root@kali:~/h4ck1tctf/Greenland/solve/output/zip# unzip 00002073.zip

Archive: 00002073.zip

inflating: secret.tar

That’s interesting! There is a file called secret.tar in the ZIP archive. Let’s extract!

root@kali:~/h4ck1tctf/Greenland/solve/output/zip# tar -xvf secret.tar
secret.txt

1 2	root@kali:~/h4ck1tctf/Greenland/solve/output/zip# tar -xvf secret.tar secret.txt

It appears to contain a file called secret.txt, which we will look at below:

root@kali:~/h4ck1tctf/Greenland/solve/output/zip# cat secret.txt
68 34 63 6b 31 74 7b 73 30 5f 33 34 73 59 5f 46 6c 34 67 5f 68 75 68 7d

1 2	root@kali:~/h4ck1tctf/Greenland/solve/output/zip# cat secret.txt 68 34 63 6b 31 74 7b 73 30 5f 33 34 73 59 5f 46 6c 34 67 5f 68 75 68 7d

That’s definitely hexadecimal strings, so it might be good to try to decode it to ASCII.

root@kali:~/h4ck1tctf/Greenland/solve/output/zip# xxd -r -p secret.txt
h4ck1t{s0_34sY_Fl4g_huh}

1 2	root@kali:~/h4ck1tctf/Greenland/solve/output/zip# xxd -r -p secret.txt h4ck1t{s0_34sY_Fl4g_huh}

That’s it. The flag is h4ck1t{s0_34sY_Fl4g_huh}.

H4CK1T CTF 2016: Greenland – 7r0ubl3 (200 points)

1 Comment

Leave a Comment Cancel reply