Description
You are playing your first Attack/Defense CTF, and… everyone is panicking! The game is barely 45 minutes old, and your team is under attack from all sides, with all services down except one: you don’t know whether to patch, attack, or just go back to being a normal human being and give up. Your mind is going crazy, you’re feeling fuzzy, you don’t know what your name is anymore.
You drink another cup of coffee (okay, given the stress, not the best idea), but you decide to open your team network flow analysis tool. This tool (Shovel) enables you to view all TCP/UDP flows passing through the machine you’re defending. You are in charge of the service called blind, and without even looking at the code of this service, you decide to simply reproduce the attacks that other teams are using to steal your flags.
Your objective is to steal another team’s flag during this game tick (in the Hackropole scenario, the flag is constant).
The corresponding flag ID given by the CTF admins is: /fcsc/ddJ565eGcAPFVkHZZFqXtrYe2vmVUQv.
- Shovel: http://localhost:8000/
- Another team service:
nc localhost 4000 - Flag ID:
/fcsc/ddJ565eGcAPFVkHZZFqXtrYe2vmVUQv
Files
Author
Challenge Instructions
- First, download docker-compose.yml:
curl https://hackropole.fr/challenges/fcsc2024-pwn-blind-attack/docker-compose.public.yml -o docker-compose.yml - Launch the challenge by executing in the same folder:
docker compose up - Access the challenge at http://localhost:8000/.
- Then, in another console, access the challenge with Netcat:
nc localhost 4000
In case you encounter problems, please consult the FAQ.
Flag
Submit your solution
You can submit your writeup for this challenge. Read the FAQ to learn how to proceed.
You need to be logged in to submit a writeup.
Writeups
There are no public solutions for this challenge yet, but you can submit yours after getting the flag.