Add today's adventofctf challenge

pull/4/head
Maik de Kruif 4 years ago
parent 9480879718
commit 21a20b4b85
No known key found for this signature in database
GPG Key ID: 46C1200ACD3A432F
  1. 90
      content/posts/adventofctf/challenge_8.md
  2. BIN
      static/img/adventofctf/da781419d6bf02d0a580e48414b9cbde.png

@ -0,0 +1,90 @@
+++
author = "Maik de Kruif"
title = "Challenge 8 - AdventOfCTF"
date = 2020-12-08T09:34:24+01:00
description = "A writeup for challenge 8 of AdventOfCTF."
cover = "img/adventofctf/da781419d6bf02d0a580e48414b9cbde.png"
tags = [
"AdventOfCTF",
"challenge",
"ctf",
"hacking",
"writeup",
"web",
]
categories = [
"ctf",
"writeups",
"hacking",
]
+++
- Points: 800
## Description
If only you could figure out where to go.
Visit <https://08.adventofctf.com> to start the challenge.
## Finding the vulnerability
When opening the website we're greeted with the following message:
> Did you know that the fastest robot can solve a rubiks cube in 0.887 seconds?
This is talking about robots, which my be a hint to look at the [`robots.txt`](https://08.adventofctf.com/robots.txt).
### What is a robots.txt file?
A robots.txt file lives at the root of a website. So, for the site <www.example.com>, a robots.txt file would live at <www.example.com/robots.txt>. robots.txt is a plain text file that follows the [Robots Exclusion Standard](http://en.wikipedia.org/wiki/Robots_exclusion_standard#About_the_standard). A robots.txt file consists of one or more rules. Each rule blocks (or allows) access for a given crawler to a specified file path in that website.
### Opening the file
The file shows the following:
```text
# robots.txt generated by *************.com
User-agent: *
Disallow: /
Disallow: /cgi-bin/
Disallow: /encryption/is/a/right
Disallow: /fnagn/unf/znal/cynprf/gb/tb
```
This probably means there is some sensitive information on one of the `Disallow` locations. Let's look at them one by one.
**`/cgi-bin/`**
When opening [`/cgi-bin/`](https://08.adventofctf.com/cgi-bin/), we get a `404` error. So let's skip this one for now.
**`/encryption/is/a/right`**
Upon opening [`/encryption/is/a/right`](https://08.adventofctf.com/encryption/is/a/right/), we get some encoded string back. It looks like `base64` so let's try to decode it using `base64 -d` in the terminal:
```bash
echo "RW5jb2RpbmcgYW5kIGVuY3J5cHRpb24gYXJlIDIgZGlmZmVyZW50IHRoaW5ncy4=" | base64 -d
> Encoding and encryption are 2 different things.
```
This doesn't mean a lot so let's have a look at the next one.
**`/fnagn/unf/znal/cynprf/gb/tb`**
After opening [`/fnagn/unf/znal/cynprf/gb/tb`](https://08.adventofctf.com/fnagn/unf/znal/cynprf/gb/tb/), we're greeted with the following text:
> "Oh, the places you'll go", my favorite poem... but this is the wrong place. Maybe you read that wrong?
Hmm, it says "Maybe you read that wrong?". The URL also looks kinda weird. It might be `rot13` encoded. So let's try to decode it using `rot13`:
```bash
echo "/fnagn/unf/znal/cynprf/gb/tb" | rot13
> /santa/has/many/places/to/go
```
_Note: `rot13` is not a program on linux, I just programmed it as an alias for `tr 'A-Za-z' 'N-ZA-Mn-za-m'`_
We got new url (I hope 😀). Let's try to [access it](https://08.adventofctf.com/santa/has/many/places/to/go/). We got the flag! It is `NOVI{you_have_br@1ns_in_your_head}`.
This flag can then be submitted for the [challenge](https://ctfd.adventofctf.com/challenges#7-8).

Binary file not shown.

After

Width:  |  Height:  |  Size: 536 KiB

Loading…
Cancel
Save