Hacking for n00bz – Level 11

At first look, level 11 seems to be related to something specific to PHP scripting because it shows a very big PHP logo.

n00bz Level 11

After taking a careful look, the PHP logo looks different from the original logo. Moreover, if you read the page source, you will noticed that the PHP logo is named as “img/php-logo-virus.jpg”. Why name the file as virus?

Just to be sure, let’s run it using the file command to identify what kind of file is it. In my Linux system, I run the file command:

file php-logo-virus.jpg

And below is the output:

php-logo-virus.jpg: JPEG image data, JFIF standard 1.01, resolution (DPI), density 96×96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=6, name=infosec_flagis_aHR0cDovL3d3dy5yb2xsZXJza2kuY28udWsvaW1hZ2VzYi9w], baseline, precision 8, 450×237, frames 3

Did you see it? It says “infosec_flagis_aHR0cDovL3d3dy5yb2xsZXJza2kuY28udWsvaW1hZ2VzYi9w”

Running the encoded portion of the string through a base64 decoder tool will give you the following URL – “http://www.rollerski.co.uk/imagesb/p”, which essentially leads to an Error 404, page not found.

My logic – since the string turned out of be quite legit, yet the URL points to nothing. Probably the URL is incomplete. Therefore to verify this, we can run a strings command on the file to see what are the existing strings contained in the file.

strings php-logo-virus.jpg

Below is the output,

n00bz Level 11

True enough, the string we gotten earlier was incomplete. Now we have the complete string:

infosec_flagis_aHR0cDovL3d3dy5yb2xsZXJza2kuY28udWsvaW1hZ2VzYi9wb3dlcnNsaWRlX2xvZ29fbGFyZ2UuZ2lm

Let us put it through the base64 decoder tool again – there, it returns an image file – http://www.rollerski.co.uk/imagesb/powerslide_logo_large.gif

n00bz Level 11

As strange as it seems to be, this is the flag for level 11, “infosec_flagis_powerslide

Back to write-up list for InfoSec Institute CTF #1: Hacking for n00bz

Advertisements

2 thoughts on “Hacking for n00bz – Level 11

Leave a Message

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s