Skip to content

Latest commit

 

History

History
278 lines (251 loc) · 4.95 KB

ftp.md

File metadata and controls

278 lines (251 loc) · 4.95 KB
Raw

Port 21 (FTP)

  • Connecting using lmezard:G!@M6f4Eatau{sF":
ls
#...
#-rwxr-x---    1 1001     1001           96 Oct 15  2015 README
#-rwxr-x---    1 1001     1001       808960 Oct 08  2015 fun
#...
cat README
#"Complete this little challenge and use the result as password for user 'laurie' to login in ssh"
file fun
#fun: POSIX tar archive (GNU)
tar -xvf fun
ls
#ft_fun  fun  README
solution 
cd ft_fun
ls -S -lA
#total 3052
#-rw-r----- 1 skalya skalya 32096 13 août   2015 BJPCP.pcap
#-rw-r----- 1 skalya skalya    44 13 août   2015 08GIC.pcap
#-rw-r----- 1 skalya skalya    44 13 août   2015 0B2GJ.pcap
#-rw-r----- 1 skalya skalya    44 13 août   2015 0D70A.pcap
#-rw-r----- 1 skalya skalya    44 13 août   2015 0K842.pcap
#...
#-rw-r----- 1 skalya skalya    11 13 août   2015 UKFW1.pcap
#-rw-r----- 1 skalya skalya    10 13 août   2015 BNFBP.pcap
#-rw-r----- 1 skalya skalya    10 13 août   2015 FXG1L.pcap
#-rw-r----- 1 skalya skalya    10 13 août   2015 SK03K.pcap

These are not real pcap files, and most of it contain trash

After cleaning BJPCP.pcap, here is the content:

char getme8() {
    return 'w';
}
char getme9() {
    return 'n';
}
char getme10() {
    return 'a';
}
char getme11() {
    return 'g';
}
char getme12()
{
    return 'e';
}
int main() {
    printf("M");
    printf("Y");
    printf(" ");
    printf("P");
    printf("A");
    printf("S");
    printf("S");
    printf("W");
    printf("O");
    printf("R");
    printf("D");
    printf(" ");
    printf("I");
    printf("S");
    printf(":");
    printf(" ");
    printf("%c",getme1());  // ?
    printf("%c",getme2());  // ?
    printf("%c",getme3());  // ?
    printf("%c",getme4());  // ?
    printf("%c",getme5());  // ?
    printf("%c",getme6());  // ?
    printf("%c",getme7());  // ?
    printf("%c",getme8());  // w
    printf("%c",getme9());  // n
    printf("%c",getme10()); // a
    printf("%c",getme11()); // g
    printf("%c",getme12()); // e
    printf("\n");
    printf("Now SHA-256 it and submit");
}
//file750
mv BJPCP.pcap main.c
grep -C 100 getme *.pcap
#0T16C.pcap:char getme4() {
#0T16C.pcap-
#0T16C.pcap-//file115
#--
#32O0M.pcap:char getme7() {
#32O0M.pcap-
#32O0M.pcap-//file736
#--
#331ZU.pcap:char getme1() {
#331ZU.pcap-
#331ZU.pcap-//file5
#--
#4KAOH.pcap:char getme5() {
#4KAOH.pcap-
#4KAOH.pcap-//file368
#--
#91CD0.pcap:char getme6() {
#91CD0.pcap-
#91CD0.pcap-//file521
#--
#B62N4.pcap:char getme3() {
#B62N4.pcap-
#B62N4.pcap-//file56
#--
#G7Y8I.pcap:char getme2() {
#G7Y8I.pcap-
#G7Y8I.pcap-//file37
grep -C 100 return *.pcap
#7DT5Q.pcap: return 'a';
#7DT5Q.pcap-
#7DT5Q.pcap-//file116
#--
#APM1E.pcap: return 'I';
#APM1E.pcap-
#APM1E.pcap-//file6
#--
#ECOW1.pcap: return 'e';
#ECOW1.pcap-
#ECOW1.pcap-//file57
#--
#J5LKW.pcap: return 't';
#J5LKW.pcap-
#J5LKW.pcap-//file522
#--
#T44J5.pcap: return 'p';
#T44J5.pcap-
#T44J5.pcap-//file737
#--
#T7VV0.pcap: return 'r';
#T7VV0.pcap-
#T7VV0.pcap-//file369
#--
#ZPY1Q.pcap: return 'h';
#ZPY1Q.pcap-
#ZPY1Q.pcap-//file38

Now we got to match each return with its getme() function, we can see that each getme() function is a '//file` number

We notice that for each number '//filenumbernofgetme()files, there is a correspondingreturn file that have '//file number n+1

So we have

331ZU.pcap:char getme1() {
331ZU.pcap-
331ZU.pcap-//file5
--
APM1E.pcap: return 'I';
APM1E.pcap-
APM1E.pcap-//file6

G7Y8I.pcap:char getme2() {
G7Y8I.pcap-
G7Y8I.pcap-//file37
--
ZPY1Q.pcap: return 'h';
ZPY1Q.pcap-
ZPY1Q.pcap-//file38

B62N4.pcap:char getme3() {
B62N4.pcap-
B62N4.pcap-//file56
--
ECOW1.pcap: return 'e';
ECOW1.pcap-
ECOW1.pcap-//file57

0T16C.pcap:char getme4() {
0T16C.pcap-
0T16C.pcap-//file115
--
7DT5Q.pcap: return 'a';
7DT5Q.pcap-
7DT5Q.pcap-//file116

4KAOH.pcap:char getme5() {
4KAOH.pcap-
4KAOH.pcap-//file368
--
T7VV0.pcap: return 'r';
T7VV0.pcap-
T7VV0.pcap-//file369

91CD0.pcap:char getme6() {
91CD0.pcap-
91CD0.pcap-//file521
--
J5LKW.pcap: return 't';
J5LKW.pcap-
J5LKW.pcap-//file522

32O0M.pcap:char getme7() {
32O0M.pcap-
32O0M.pcap-//file736
--
T44J5.pcap: return 'p';
T44J5.pcap-
T44J5.pcap-//file737

Then:

int main() {
    ...
    printf("%c",getme1());  // I
    printf("%c",getme2());  // h
    printf("%c",getme3());  // e
    printf("%c",getme4());  // a
    printf("%c",getme5());  // r
    printf("%c",getme6());  // t
    printf("%c",getme7());  // p
    printf("%c",getme8());  // w
    printf("%c",getme9());  // n
    printf("%c",getme10()); // a
    printf("%c",getme11()); // g
    printf("%c",getme12()); // e
    printf("\n");
    printf("Now SHA-256 it and submit");
}
echo -n "Iheartpwnage" | sha256sum
#330b845f32185747e4f8ca15d40ca59796035c89ea809fb5d30f4da83ecf45a4  -

Credentials found

SSH

Login Password
laurie 330b845f32185747e4f8ca15d40ca59796035c89ea809fb5d30f4da83ecf45a4