Hacking for n00bz – Level 9

Level 9 shows a login page, the first thing I do is to view the page source… nothing fishy. What about the cookies? Using Firebug, I checked cookies and for a moment, I thought I see something interesting, a cookie named “lpv12882” which contains a base64 encoded string.

n00bz Level 9

However, upon decoding, I see that it is just the page URL of level 9, which is the challenge we are trying to solve now.

Back to square one, but don’t give up just yet. We can always try harder!

n00bz Level 9

Since the login form mentioned the system name, “Cisco IDS Web Login System”, let’s perform a Google search to see what is its default password.

You can easily find websites which shows you the default passwords for various products, in this case, the Cisco IDS. Based on the website, it seems like we can try following default login,

Username: root
Password: attack

We did it! There, we have the key now. But how do we crack it?

n00bz Level 9

You can try many different methods, trial and error. In this case, if you look carefully, the last 7 letters in the string looks familiar, very familiar… “infosec”, perhaps?

If you run the string “ssaptluafed_sigalf_cesofni” in a string-reverse tool, you will get the flag, “infosec_flagis_defaultpass

Back to write-up list for InfoSec Institute CTF #1: Hacking for n00bz

Advertisements

One thought on “Hacking for n00bz – Level 9

Leave a Message

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s