Tuesday, January 15, 2019

KringleCon | Tangle Coalbox & de Bruijn Sequences | CTF Solution

Written by Pranshu Bajpai | LinkedIn

Tangle Coalbox: Lethal ForensicELFication

The poem that introduces the challenge talks about certain “text editors” leaving behind clues. Vim immediately 
comes to mind. We know that Vim logs information about deletions and searchers into a file called .viminfo. 
By default it is stored at ~/.viminfo. The dot (.) represents a hidden file. So we perform a file listing with -a 
option to see the hidden files. We notice .viminfo and pull out its contents. We notice that a search and replace 
was done that substituted the word Elinore with NEVERMORE.

We can turn off Vim logging by using :set viminfo=
Answer: Elinore

Question 3 de Bruijn Sequences

This question asks us what welcome message greets the speaker. If we look at the website that holds the door 
authentication challenge, we find that the welcome message is exposed in the HTML.
This allows us to directly access the victory banner image and gather the victory message and complete the 
challenge. However, to actually unlock the door, we can either follow the suggested de Bruijn Sequences or 
perform an exhaustive search for the permutation that opens the door. There are only 4 x 4 x 4 x 4 = 256 
possible candidates. I decided to brute force it and used Burp Suite Intruder to send all possible candidates to 
the server and notice which one garners a positive response from the server.
We notice that the sequence 0120 was accepted as the correct guess by the server. So we now know that the 
correct sequence of shapes is as follows:
Answer: Welcome unprepared speaker!

No comments:

Post a Comment