Skip to content

Latest commit

 

History

History
 
 

get-the-key

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
 
 
 
 

SECCON CTF 2014: Get the key

Category: Network Points: 100 Description:

nw100.pcap

Write-up

Let’s open the provided packet capture file in Wireshark.

In frame 21 (frame.number == 21) a request is made to http://133.242.224.21:6809/nw100/ using Basic Authentication, with username seccon2014 and password YourBattleField. Let’s re-use those credentials to log in:

$ curl --user 'seccon2014:YourBattleField' 'http://133.242.224.21:6809/nw100/''
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
 <head>
  <title>Index of /nw100</title>
 </head>
 <body>
<h1>Index of /nw100</h1>
<table><tr><th><img src="/icons/blank.gif" alt="[ICO]"></th><th><a href="?C=N;O=D">Name</a></th><th><a href="?C=M;O=A">Last modified</a></th><th><a href="?C=S;O=A">Size</a></th><th><a href="?C=D;O=A">Description</a></th></tr><tr><th colspan="5"><hr></th></tr>
<tr><td valign="top"><img src="/icons/back.gif" alt="[DIR]"></td><td><a href="/">Parent Directory</a></td><td>&nbsp;</td><td align="right">  - </td><td>&nbsp;</td></tr>
<tr><td valign="top"><img src="/icons/text.gif" alt="[TXT]"></td><td><a href="key.html">key.html</a></td><td align="right">29-Nov-2014 22:12  </td><td align="right"> 48 </td><td>&nbsp;</td></tr>
<tr><th colspan="5"><hr></th></tr>
</table>
<address>Apache/2.2.22 (Debian) Server at 133.242.224.21 Port 6809</address>
</body></html>

The page shows a directory listing with a single file named key.html in it. Let’s take a look:

$ curl --user 'seccon2014:YourBattleField' 'http://133.242.224.21:6809/nw100/key.html'
<HTML>
SECCON{Basic_NW_Challenge_Done!}
</HTML>

The flag is SECCON{Basic\_NW\_Challenge\_Done!}.`

Other write-ups and resources