หน้าเว็บ

วันอาทิตย์ที่ 7 ธันวาคม พ.ศ. 2557

SECCON CTF 2014: Get the key (Network) Write-up


Description:
nw100.pcap
Solution: 
         Download this pcap file and open this file with Wireshark, Next step I go to menu Statistics > Protocol Hierarchy, select Hypertext Transfer Protocol (right click) > Apply as Filter > Selected



          Authorization Required to /nw/100/ ? Go to Follow TCP Stream and get username and password base64 format to decode and authen in http://133.242.224.21:6809/nw100/


Base64 Decode:
root@ubuntu:~# echo c2VjY29uMjAxNDpZb3VyQmF0dGxlRmllbGQ= | base64 --decode
seccon2014:YourBattleField
root@ubuntu:~#

          It mean username seccon2014 and password YourBattleField go to authen in http://133.242.224.21:6809/nw100/



         Access to http://133.242.224.21:6809/nw100/key.html and get a flag. :)


Flag: SECCON{Basic_NW_Challenge_Done!}

ไม่มีความคิดเห็น:

แสดงความคิดเห็น