Thursday, October 25, 2012

Hack.Lu CTF: Hidden Challenge Writeup

This hidden challenge was pretty cool. On the login page to ctf.fluxfingers.net, there was a script reference as shown below.
<script type="text/javascript" src="http://braaaains.hack.lu/bloody.js"></script>
This clearly does not work, as a web browser can't figure out how to resolve the domain name. A quick nslookup, however, reveals that braaaains.hack.lu only has an IPv6 address: 2002:95:d:21:4a::1. This IPv6 address also does not respond to web traffic, which led us to examine how the IPv6 address is constructed.

The 2002 prefix belongs to the "6to4 addressing" range of IPv6 addresses, which means we can extract an IPv4 address from the IPv6 address.
95:d:21:4a = 149.13.33.74, which is the IP address of ctf.fluxfingers.net.
So, we next tried to navigate to http://149.13.33.74/bloody.js, but it gave us a file-not-found error. We fumbled around for a bit here before we decided that braaaains.hack.lu was actually important, so we changed the Host header of our outbound HTTP request to be braaaains.hack.lu instead of 149.13.33.74, and we got back a result with just one thing on it: IcanSmellBigBrainsARRRRR.

-- suntzu_II
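
Added example (not part of the original writeup): the address decoding described above, in Python. The standard RFC 3056 6to4 decode takes the 32 bits right after 2002 and yields 0.149.0.13 for this address; the 149.13.33.74 in the writeup comes from reading each of the next four 16-bit groups as one IPv4 octet, so the example implements both readings. The function names are hypothetical.

```python
import ipaddress

CHALLENGE_AAAA = "2002:95:d:21:4a::1"  # AAAA record quoted in the writeup


def rfc3056_embedded_ipv4(addr):
    """Standard 6to4 decode: the IPv4 address is the 32 bits after 2002::/16.

    Returns None when the address is outside 2002::/16.
    """
    return ipaddress.IPv6Address(addr).sixtofour


def per_group_ipv4(addr):
    """Reading used in the writeup: groups 2-5 each carry one IPv4 octet.

    Returns None when the prefix is not 2002 or a group does not fit in a byte.
    """
    groups = ipaddress.IPv6Address(addr).exploded.split(":")
    if groups[0] != "2002":
        return None
    octets = [int(g, 16) for g in groups[1:5]]
    if any(o > 255 for o in octets):
        return None
    return ipaddress.IPv4Address(".".join(str(o) for o in octets))


def candidate_ipv4s(addr):
    """Distinct IPv4 decodings to consider when triaging a 2002::/16 record."""
    found = []
    for decode in (rfc3056_embedded_ipv4, per_group_ipv4):
        ip4 = decode(addr)
        if ip4 is not None and ip4 not in found:
            found.append(ip4)
    return found


if __name__ == "__main__":
    for ip4 in candidate_ipv4s(CHALLENGE_AAAA):
        # 0.0.0.0/8 is not routable, which leaves the per-group reading
        note = "not routable (0.0.0.0/8)" if ip4 in ipaddress.ip_network("0.0.0.0/8") else "routable"
        print(ip4, note)
```

A correctly encoded 6to4 address for the same host would be 2002:950d:214a::1, which the standard decode maps straight to 149.13.33.74.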
