Get the Key!

20 Dec 2014

#SECCON CTF’14

Points: 100
Category: Network

nw100.pcap

Hint: None

Write up

We can analyze the file using WireShark. Looking at the traffic, we can say that the user requested for a bunch of HTML’s and images . Let us export all the HTML objects and see.

Some of them are simple gif’s but on opening the ` nw100 ` html page in the browser we see that there is a file called ` key.html ` . This is the one which contains the flag. Now we return to WireShark and find out the server address to where the request is sent.

On going to ` http://133.242.224.21:6809/nw100/key.html ` we find that it asks for authentication -

In WireShark we find the packet in which he sends his login information to the server and analyze it.

On following the TCP Stream we find that the authorisation was Basic and we have the Base-64 encoding of the id and the password in the folowing format - ` id:password`

After the conversion of c2VjY29uMjAxNDpZb3VyQmF0dGxlRmllbGQ= to ASCII we get the string as - ` seccon2014:YourBattleField `

Using these credentials on the authentication page we are granted access to the ` key.html ` file. This, on opening gives us the flag.

Flag :

SECCON{Basic_NW_Challenge_Done!}

chinmay_dd

Get the Key!

Write up

Related Posts

Autobot (First time using Binja!) 13 Apr 2020

Foundations of Dataflow Analysis 22 Sep 2018

Of Program Analysis and more 05 Sep 2018