TAMU CTF 19 Writeup (Part 2)
Misc
1. Who am I?
Description:
What is the A record for
tamuctf.com?
(Not in standardgigem{flag}format)Difficulty: easy
First what is an A record?
An A record maps a domain name to the IP address (Version 4) of the computer hosting the domain. An A record is used to find the IP address of a computer connected to the internet from a name.
Reference:
So we just run dig on the website to get the record.
The flag is the IP in the answer section: 52.33.57.247
2. Who do I trust?
For this we just had to check the certificate.
Flag: Let’s Encrypt Authority X3
3. Where am I?
Description:
What is the name of the city where the server for tamuctf.com is located?
I googled how to locate host and got to this website. Tried the two cities as flag.
Flag is Boardman.
4. Onboarding Checklist
So at first I tried to send an email from my address but it didn’t work.
I figured we have to spoof the email someguy@somebigcorp.com. I used this site and gave my email , so I can get a response.
Immediately the flag is sent:
Reversing
1. Cheesy (Solved by my team mate Tony)
First I did a file and binwalk on the file to confirm if there are any hidden properties and they were none. However, running strings presents us with a treasure trove of information
The encoding used is base64 and decoding the various strings we find the flag once we decode the highlighted string as shown below.
2. Snake over cheese
For this challenge we are provided with a reversing2.pyc file.
I know .pyc is a compiled python file. I found this nice tutorial on how to decompile it.
All I had to do is run this command and get the original code.
uncompyle6 -o . reversing2.pyc
To get the flag just change the code to bypass the if statement.
Flag: flag{decompile}
2. ReadingRainbow
1. 0_Network_Enumeration
Opening the pcap file in wireshark, I checked the IP where http requests were being made.
IP: 192.168.11.4
Number of hosts that made contact, I counted the ips that interacted with that ip, they were 13.
