TAMU CTF 19 Writeup (Part 2)

Misc

1. Who am I?

Description:

What is the A record for tamuctf.com?
(Not in standard gigem{flag} format)

Difficulty: easy

First, what is an A record?

An A record maps a domain name to the IP address (Version 4) of the computer hosting the domain. An A record is used to find the IP address of a computer connected to the internet from a name.

Reference:

So we just run dig on the website to get the record.

The flag is the IP in the answer section: 52.33.57.247

2. Who do I trust?

For this we just had to check the certificate.

Flag: Let’s Encrypt Authority X3

3. Where am I?

Description:

What is the name of the city where the server for tamuctf.com is located?

I googled how to locate a host and got to this website. I tried the two cities as the flag.

Flag is Boardman.

4. Onboarding Checklist

The Challenge

So at first I tried to send an email from my address but it didn’t work.

I figured we have to spoof the email someguy@somebigcorp.com. I used this site and gave my email, so I can get a response.

Immediately the flag is sent:

Reversing

1. Cheesy (Solved by my team mate Tony)

First I did a file and binwalk on the file to confirm if there are any hidden properties, and there were none. However, running strings presents us with a treasure trove of information.

The encoding used is base64 and decoding the various strings we find the flag once we decode the highlighted string as shown below.

2. Snake over cheese

For this challenge we are provided with a reversing2.pyc file.

I know .pyc is a compiled Python file. I found this nice tutorial on how to decompile it.

All I had to do is run this command and get the original code.

uncompyle6 -o . reversing2.pyc

To get the flag just change the code to bypass the if statement.

Flag: flag{decompile}

2. ReadingRainbow

1. 0_Network_Enumeration

Opening the pcap file in Wireshark, I checked the IP where HTTP requests were being made.

IP: 192.168.11.4

For the number of hosts that made contact, I counted the IPs that interacted with that IP; there were 13.
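The host count can also be produced by script instead of by eye in Wireshark. The following is an added example, not code from the original writeup: it parses a classic Ethernet pcap with the Python standard library and collects every IPv4 address that exchanged a packet with a given IP. The function names and the sample capture are constructed for illustration, and it assumes the capture is not pcapng and carries no VLAN tags.

```python
import socket
import struct

MAGIC = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}  # byte order of the writer

def peers_of(pcap: bytes, target: str) -> set:
    """Return every IPv4 address that exchanged a packet with `target`."""
    endian = MAGIC.get(pcap[:4])
    if endian is None:
        raise ValueError("not a classic pcap file (pcapng needs a different parser)")
    (linktype,) = struct.unpack(endian + "I", pcap[20:24])
    if linktype != 1:
        raise ValueError("only Ethernet (link type 1) captures are handled")
    peers, off = set(), 24                      # records follow the 24-byte global header
    while off + 16 <= len(pcap):
        _sec, _usec, incl_len, _orig = struct.unpack(endian + "IIII", pcap[off:off + 16])
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        # Need 14-byte Ethernet header + 20-byte minimum IPv4 header, EtherType 0x0800.
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                            # ARP, IPv6, truncated frames
        src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
        if src == target:
            peers.add(dst)
        elif dst == target:
            peers.add(src)
    return peers

def _frame(src: str, dst: str, ethertype: bytes = b"\x08\x00") -> bytes:
    """Constructed Ethernet frame carrying a bare 20-byte IPv4 header."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + ethertype + ip

def sample_pcap() -> bytes:
    """Constructed capture for the demo; it is not the challenge file."""
    frames = [
        _frame("192.168.11.7", "192.168.11.4"),
        _frame("192.168.11.4", "192.168.11.7"),               # reply, same peer
        _frame("192.168.11.9", "192.168.11.4"),
        _frame("192.168.11.9", "192.168.11.7"),               # target not involved
        _frame("192.168.11.5", "192.168.11.4", b"\x08\x06"),  # non-IPv4 EtherType, skipped
    ]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

print(sorted(peers_of(sample_pcap(), "192.168.11.4")))
```

On a real capture, read the file with `open(path, "rb").read()` and pass the bytes to `peers_of`; the length of the returned set is the number of distinct hosts.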

Twitter: ikuamike

Github: ikuamike


CyberSecurity | CTFs | https://blog.ikuamike.io

Michael Ikua
