20.2.17

Wargames.my 2017 monthly Challenge (January)

The Question.
For the January 2017 Challenge, take a look at this
+++ bankgroup.us +++
The hint from our crew : The fundamental.
Find the flag and make a good readable writeup for our crew. Send it at wgmy2016@gmail.com
Have fun and enjoy! Do note that, excessive usage of any automated scanner is not allowed!.



Because of the hint fundamental
So I try, nslookup, whois, and dig
No interesting outcome for nslookup and whois, but something interesting on dig
I tried dig bankgroup.us TXT
aj69@srv:~# dig bankgroup.us +noall +answer ANY

; <<>> DiG 9.9.5-3ubuntu0.10-Ubuntu <<>> bankgroup.us +noall +answer ANY
;; global options: +cmd
bankgroup.us.           3788    IN      HINFO   "Please stop asking for ANY" "See draft-ietf-dnsop-refuse-any"

It warn not to use ANY, then I tried straight to the TXT section hope will find something on that section
root@srv:~# dig bankgroup.us +noall +answer TXT
; <<>> DiG 9.9.5-3ubuntu0.10-Ubuntu <<>> bankgroup.us +noall +answer TXT
;; global options: +cmd
bankgroup.us.           299     IN      TXT     "N3q8ryccAASpcFcnsAAAAAAAAAA1AAAAAAAAAOOaNWJd7k4PCFF/aUiqAKhV/q9uV8Qm51pm+GJ7TUy7ofBPHvcz6ZcmIeRv6dH3Ts/mpF6hHldwnakFMsrole1lTb4vjz0jbyEyGW69sZb0d/p5E5UPEJFitc1SUu5AWOII4d2kOUsaO+8yqB4QBrlzZnzzRTXncrDJMn7GYY/Zm4DuLTlQyisTAm072O27wJS3ChzEPcozQ+htBTk4n7T1+YA" "Wt36dV7hb7R3z96Pm9VDiXhcGMAEJgIAABwsBAAIkBvEHAQpTBzOpWSfwSpXaIwMBAQVdABAAAAEADHyAlgoB4Q5axwAA"
bankgroup.us.           299     IN      TXT     "v=spf1 mx a ip4:8.8.8.8/24 a:nasikakwok include:domainengkau -all"

That is some interesting part, base64 and nasikakwok also domainengkau
Base64 is in 2 part so I just join them and decode it to hexadecimal then save it as ayam2.7z file


Tried opening the files, its password protected! duh!


try all possible password but that's not it, so i go the the main domain, which was a gitlab community site, after poking around, I found one repository called username/flag, but still failed

other than that, I got the original IP of the website which was under the cloudflare if you ping it directly. 

Doing some port scanning to the IP just got some closed port on SSH and ftp if I'm not mistaken.
So all was blank to me.

Maybe some of you that got it, can tell me how to get the password much be appreciated! :D

UPDATE!

seems that someone has solve this question [POC], the zip file needs to be crack using rockyou wordlist!
maybe no luck for me. So after password was found, you will get the flag. 
5 najashark.net: Wargames.my 2017 monthly Challenge (January) The Question. For the January 2017 Challenge, take a look at this +++ bankgroup.us +++ The hint from our crew : The fundamental. Fi...

4 comments:

  1. So, there is monthly challenge at wargames.my this year?

    ReplyDelete
    Replies
    1. yes, you can check on their facebook page for any updates

      Delete
  2. username/flag tu repo aku hahaha. aku buat xss for capturing api token. tapi teda admin yang jenguk

    ReplyDelete

Post Comment

>