You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
116 lines
4.1 KiB
116 lines
4.1 KiB
+++
|
|
author = "Maik de Kruif"
|
|
title = "CCTV"
|
|
subtitle = "Beginners Quest 1 - Google CTF"
|
|
date = 2021-09-22T14:26:25+01:00
|
|
description = "A writeup for challenge 1 of the beginners quests of the Google CTF."
|
|
cover = "img/writeups/google-ctf/2021/beginners-quest/1/cover.png"
|
|
tags = [
|
|
"Google CTF",
|
|
"Beginners Quest",
|
|
"ctf",
|
|
"hacking",
|
|
"writeup",
|
|
"web",
|
|
"rev",
|
|
]
|
|
categories = [
|
|
"ctf",
|
|
"writeups",
|
|
"hacking",
|
|
"rev",
|
|
]
|
|
aliases = [
|
|
"1"
|
|
]
|
|
+++
|
|
|
|
## Story line
|
|
|
|
### Novosibirsk - Chemical plant
|
|
|
|
"You must wonder why we have summoned you, AGENT? It has come to our attention that something terrible is about to take place. There is still time to prevent the disaster, and we could not think of anyone more suited for this task than you. We believe that if you can’t solve this quest, neither can anybody else. You have to travel to Novosibirsk, and investigate a suspicious chemical plant. This mission must be executed in secrecy. It’s classified, and it regards the safety of the whole world, therefore we can’t tell you anything more just yet. Go now, you have the fate of the world in your hands."
|
|
|
|
#### Challenge: CCTV (rev)
|
|
|
|
You arrive at your destination. The weather isn't great, so you figure there's no reason to stay outside and you make your way to one of the buildings. No one bothered you so far, so you decide to play it bold - you make yourself a cup of coffee in the social area like you totally belong here and proceed to find an empty room with a desk and a chair. You pull out our laptop, hook it up to the ethernet socket in the wall, and quickly find an internal CCTV panel - that's a way better way to look around unnoticed. Only problem is... it wants a password.
|
|
|
|
### After solving
|
|
|
|
You have now investigated the chemical plant. Nothing seemed to be out of the ordinary, even though the workers acted somewhat passive, but that’s not a good enough to track. It seems like you have a new voice mail from the boss: "Hello there, AGENT! It seems like the corporation that owns the plant was informed by an anonymous source that you would arrive, and therefore they were prepared for your visit, but your colleague AGENT X has a lead in Moscow, we’ve already booked you a flight. FIRST CLASS of course. In fact if you look out of the window, you should be able to see a black car arriving now, and it will carry you to the airport. Good luck!"
|
|
|
|
## Link
|
|
|
|
<https://cctv-web.2021.ctfcompetition.com/>
|
|
|
|
## Recon
|
|
|
|
Upon opening the given link, we see a website with a password form.
|
|
|
|
When opening the source, we find the following javascript:
|
|
|
|
```js
|
|
const checkPassword = () => {
|
|
const v = document.getElementById("password").value;
|
|
const p = Array.from(v).map((a) => 0xcafe + a.charCodeAt(0));
|
|
|
|
if (
|
|
p[0] === 52037 &&
|
|
p[6] === 52081 &&
|
|
p[5] === 52063 &&
|
|
p[1] === 52077 &&
|
|
p[9] === 52077 &&
|
|
p[10] === 52080 &&
|
|
p[4] === 52046 &&
|
|
p[3] === 52066 &&
|
|
p[8] === 52085 &&
|
|
p[7] === 52081 &&
|
|
p[2] === 52077 &&
|
|
p[11] === 52066
|
|
) {
|
|
window.location.replace(v + ".html");
|
|
} else {
|
|
alert("Wrong password!");
|
|
}
|
|
};
|
|
```
|
|
|
|
## Solving
|
|
|
|
Let's start by analysing this script. It starts of by getting the input value, and splitting it in a list. It then uses the `map()` function to add `0xCafe` to every character. So "a" would become `97 + 51966 = 52063` (`97` is the ASCII value of `"a"`, and `51966` is decimal for `0xCafe`).
|
|
|
|
To find the password, we only have to reverse the values given in the javascript code. To do this, I wrote a little python script:
|
|
|
|
```py
|
|
code = {
|
|
0: 52037,
|
|
6: 52081,
|
|
5: 52063,
|
|
1: 52077,
|
|
9: 52077,
|
|
10: 52080,
|
|
4: 52046,
|
|
3: 52066,
|
|
8: 52085,
|
|
7: 52081,
|
|
2: 52077,
|
|
11: 52066,
|
|
}
|
|
|
|
password = ""
|
|
|
|
for i in range(max(code.keys()) + 1):
|
|
password += chr(code[i] - 0xCafe)
|
|
|
|
print(password)
|
|
```
|
|
|
|
This prints the following result: `GoodPassword`.
|
|
|
|
## Solution
|
|
|
|
If we enter the password (`GoodPassword`), we get redirected to this page:
|
|
|
|
{{< figure src="/img/writeups/google-ctf/2021/beginners-quest/1/cctv.png" title="CCTV" >}}
|
|
|
|
Here we can find the flag in the bottom left: `CTF{IJustHopeThisIsNotOnShodan}`.
|
|
|