Get The Key Seccon CTF 2014 100pts
Download File Soal
<a href="https://github.com/ctfs/write-ups/blob/master/seccon-ctf-2014/get-the-key/nw100.pcap">nw100.pcap</a>
Kita diberikan hasil rekam network dengan wireshark file format .pcap , buka file tersebut dengan wireshark untuk memulai menganalisa kemudian di sana kita menemukan ada akses ke http://133.242.224.21:6809/nw100/ menggunakan username : seccon2014 dan password : YourBattleField
Menggunakan curl kita coba login ke ip tersebut
$ curl --user 'seccon2014:YourBattleField' 'http://133.242.224.21:6809/nw100/'' <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN"> <html> <head> <title>Index of /nw100</title> </head> <body> <h1>Index of /nw100</h1> <table><tr><th><img src="/icons/blank.gif" alt="[ICO]"></th><th><a href="?C=N;O=D">Name</a></th><th><a href="?C=M;O=A">Last modified</a></th><th><a href="?C=S;O=A">Size</a></th><th><a href="?C=D;O=A">Description</a></th></tr><tr><th colspan="5"><hr></th></tr> <tr><td valign="top"><img src="/icons/back.gif" alt="[DIR]"></td><td><a href="/">Parent Directory</a></td><td> </td><td align="right"> - </td><td> </td></tr> <tr><td valign="top"><img src="/icons/text.gif" alt="[TXT]"></td><td><a href="key.html">key.html</a></td><td align="right">29-Nov-2014 22:12 </td><td align="right"> 48 </td><td> </td></tr> <tr><th colspan="5"><hr></th></tr> </table> <address>Apache/2.2.22 (Debian) Server at 133.242.224.21 Port 6809</address> </body></html>
Terlihat ada file key.html , Coba kita lihat isinya
curl --user 'seccon2014:YourBattleField' 'http://133.242.224.21:6809/nw100/key.html' <HTML> SECCON{Basic_NW_Challenge_Done!} </HTML>
Ternyata disana ada flagnya :
SECCON{Basic_NW_Challenge_Done!}