InfoSec Institute CTF Challenge #8

Another day, another challenge…

Today’s challenge will be on CTF Challenge #8 from InfoSec Institute.

Going to the following link

We see the following page.

infosec_8_intro

We’re introduced with the downloading a file.

Doing our trick of right click, view page source we see the following:

infosec_8_pagesource

We see the file that we need to download called “app.exe”

Downloading and opening the file we noticed that the application is the netstat command listing our network information.

Since our tricks does not work, we need to find a way to view the source of the application.

One option is to use the linux strings command.

The strings command allows you to find English words in file.

If you are working on a Windows machine (like I am) you can download the cygwin emulator which allows you to do simple Linux commands on a Windows machine.

To download cygwin go here.

Note: Make sure when downloading that you add the binutils package to import the strings command.

Copy the app.exe file into the cygwin directory (that you specified in your installation) so you navigate to that file.

After downloading cygwin, and using the strings command we see the following:

infosec_8_flag

We found the flag – infosec_flagis_0x1a!

Lessons learned:

Again, our normal tricks of viewing the page source did not work. We noticed that when we executed the program that it was the netstat command getting information on our network. From there we decided that we would need to see the source of the application to see if the flag was hidden in there. Turns out it was. Overall lesson, be flexible with your tool belt and think outside of the box!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s