25.5.15

Wargames.my 2015 Challenge5 Sikit-sikit lama-lama jadi bukit

In this year's wargames.my 2015, our team managed to settle only 2 challenges because we were busy with our final exams and had no brain left to commit to the competition.

So let's go with the challenge. The hint given is a C&C server address, which is blablayadaaofeiwnfvocwvonwec.wargames.my

So we open sinkholed_traffic.pcapng with Wireshark and filter on that address. After a while we managed to find something useful in the HTTP header, which is
"wefwavwef="

I am no master in programming, so I used the Linux tools and the shell. Here is a summary of it:



r0x@b0x:~/Desktop$ sudo tcpick -C -yP -r sinkholed_traffic.pcapng | grep wefwavwef= > decode.txt

r0x@b0x:~/Desktop$ cat decode.txt
wefwavwef=3b2cc923a4beb7dfff5e378cdb41626a86c05ef6MDQvMDY%3dAQEFXQAAAQAMJwAICgHA5%2f0%2bAAAFAREZAHMAeQBz
wefwavwef=6a7dd901c5965c767b69e3eea46c2afa82a12485MDIvMDY%3d%2fCcAOhoIznZkpyGug6wH%2bnE%2bf0ygjpQO3U005JRj
wefwavwef=f31e92d008b9a49d3047b15b44c627e0b05ffdbfMDYvMDY%3dARUGAQAgAAAAAAA%3d
wefwavwef=a6b153ee99408406b3a9ac260c809fb74d990bf3MDUvMDY%3dAGkAbgBmAG8ALgB0AHgAdAAAABQKAQDQffjJPZTQ
wefwavwef=f0a021760a1407e957c080362497f2f726f1b774MDMvMDY%3d5gBiE9NITMr1ItKk%2fiLBAQQGAAEJKwAHCwEAASMD
wefwavwef=8bc85586c9caafcc26673c98caaf980f57277091MDEvMDY%3dN3q8ryccAAMGi8mhKwAAAAAAAABWAAAAAAAAAGG4

r0x@b0x:~/Desktop$ urlencode -d wefwavwef=3b2cc923a4beb7dfff5e378cdb41626a86c05ef6MDQvMDY%3dAQEFXQAAAQAMJwAICgHA5%2f0%2bAAAFAREZAHMAeQBz \
> wefwavwef=6a7dd901c5965c767b69e3eea46c2afa82a12485MDIvMDY%3d%2fCcAOhoIznZkpyGug6wH%2bnE%2bf0ygjpQO3U005JRj \
> wefwavwef=f31e92d008b9a49d3047b15b44c627e0b05ffdbfMDYvMDY%3dARUGAQAgAAAAAAA%3d \
> wefwavwef=a6b153ee99408406b3a9ac260c809fb74d990bf3MDUvMDY%3dAGkAbgBmAG8ALgB0AHgAdAAAABQKAQDQffjJPZTQ \
> wefwavwef=f0a021760a1407e957c080362497f2f726f1b774MDMvMDY%3d5gBiE9NITMr1ItKk%2fiLBAQQGAAEJKwAHCwEAASMD \
> wefwavwef=8bc85586c9caafcc26673c98caaf980f57277091MDEvMDY%3dN3q8ryccAAMGi8mhKwAAAAAAAABWAAAAAAAAAGG4 | tr " " "\n" > decode.txt

r0x@b0x:~/Desktop$ cat decode.txt | perl -p -e 's/^.*?MD/MDY/' | sort | sed 's/.*MDY=//' | base64 -d > decode.7z

r0x@b0x:~/Desktop$ 7z e decode.7z | cat sysinfo.txt | grep flag
the flag is - worryingwontmakeanybetter
r0x@b0x:~/Desktop$
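The shell pipeline above works by a trick: the perl substitution rewrites each line so that the sort key lands on the chunk number, because the 8 base64 characters after the 40-char hex prefix decode to "NN/MM" (MDQvMDY= is "04/06", MDEvMDY= is "01/06", and so on). The following Python script is an added example, not part of the original writeup, that does the same reassembly explicitly: it URL-decodes each beacon, strips the hex prefix (treated as opaque here, since the writeup never identifies it), reads the chunk index and count from the tag, checks for gaps and duplicates, joins the chunks in order and base64-decodes the result, then verifies the 7z signature. The six input values are the ones from the writeup's decode.txt; the function names and the sequence-tag layout are the only assumptions.

```python
import base64
import re
from urllib.parse import unquote

# The six beacon values from the writeup's decode.txt: the "wefwavwef" parameter
# the implant sent to the sinkholed C&C in each HTTP request.
BEACONS = [
    "wefwavwef=3b2cc923a4beb7dfff5e378cdb41626a86c05ef6MDQvMDY%3dAQEFXQAAAQAMJwAICgHA5%2f0%2bAAAFAREZAHMAeQBz",
    "wefwavwef=6a7dd901c5965c767b69e3eea46c2afa82a12485MDIvMDY%3d%2fCcAOhoIznZkpyGug6wH%2bnE%2bf0ygjpQO3U005JRj",
    "wefwavwef=f31e92d008b9a49d3047b15b44c627e0b05ffdbfMDYvMDY%3dARUGAQAgAAAAAAA%3d",
    "wefwavwef=a6b153ee99408406b3a9ac260c809fb74d990bf3MDUvMDY%3dAGkAbgBmAG8ALgB0AHgAdAAAABQKAQDQffjJPZTQ",
    "wefwavwef=f0a021760a1407e957c080362497f2f726f1b774MDMvMDY%3d5gBiE9NITMr1ItKk%2fiLBAQQGAAEJKwAHCwEAASMD",
    "wefwavwef=8bc85586c9caafcc26673c98caaf980f57277091MDEvMDY%3dN3q8ryccAAMGi8mhKwAAAAAAAABWAAAAAAAAAGG4",
]

PARAM = "wefwavwef="
HEX40 = re.compile(r"[0-9a-f]{40}")
SEVEN_ZIP_MAGIC = bytes.fromhex("377abcaf271c")  # "7z" followed by BC AF 27 1C


def parse_beacon(raw):
    """Split one beacon value into (hex prefix, chunk index, chunk count, base64 payload).

    Layout as observed in the capture (assumed, not documented by the challenge):
    40 hex chars (opaque; the writeup simply strips them), then 8 base64 chars
    that decode to "NN/MM" (chunk NN of MM), then the chunk of the payload.
    """
    if not raw.startswith(PARAM):
        raise ValueError("not a %s value" % PARAM.rstrip("="))
    body = unquote(raw[len(PARAM):])  # %3d -> '=', %2f -> '/', %2b -> '+'
    prefix, tag, payload = body[:40], body[40:48], body[48:]
    if not HEX40.fullmatch(prefix):
        raise ValueError("missing 40-char hex prefix")
    index, count = (int(x) for x in base64.b64decode(tag).decode("ascii").split("/"))
    return prefix, index, count, payload


def reassemble(beacons):
    """Order the chunks by their NN/MM tag and decode the whole base64 stream."""
    chunks, counts = {}, set()
    for raw in beacons:
        _, index, count, payload = parse_beacon(raw)
        counts.add(count)
        if index in chunks:
            raise ValueError("duplicate chunk %d" % index)
        chunks[index] = payload
    if len(counts) != 1:
        raise ValueError("beacons disagree on chunk count: %s" % sorted(counts))
    count = counts.pop()
    missing = sorted(set(range(1, count + 1)) - set(chunks))
    if missing:
        raise ValueError("missing chunks: %s" % missing)
    # The sender split one base64 string into pieces, so join the text first and
    # decode once; this is what the writeup's sort | sed | base64 -d pipeline does.
    return base64.b64decode("".join(chunks[i] for i in range(1, count + 1)))


def looks_like_7z(blob):
    """True when the reassembled bytes start with the 7z archive signature."""
    return blob.startswith(SEVEN_ZIP_MAGIC)


if __name__ == "__main__":
    archive = reassemble(BEACONS)
    print("reassembled %d bytes, 7z signature present: %s"
          % (len(archive), looks_like_7z(archive)))
    with open("decode.7z", "wb") as fh:
        fh.write(archive)
```

Run it and extract decode.7z with 7z as in the writeup. The gap and duplicate checks matter when working from a real sinkhole capture rather than a CTF file: a retransmitted beacon or a lost one would otherwise silently corrupt the archive, and the same parser, pointed at proxy logs, is a reasonable detector for this exfiltration pattern (one query parameter carrying a fixed-length hex blob, a base64 sequence counter and a base64 body).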

the flag is - worryingwontmakeanybetter

A little bit messy, but it gets the job done. Kudos to the organizers for the awesome and head-cracking questions. Congrats to team Rempah, aleuto, deyum and all the teams that participated. Till next time.
