Friday, February 25, 2011

Nullcon HackIM 2011 CTF Writeup - Levels 0-4



Level 0 :

Initially no hints were provided for level 0 to level 2.

I started off by trying a blank login and common combinations such as admin/admin and admin/password. Still no luck, so as the next option I decided to look into the source code for hidden clues. The only thing in the source that caught my attention was action="level-0-proc.php", so I tried replacing "level-0.php" with "level-0-proc.php".

Voila...... got the congratulations and moved to Level 1.

Hint : I just wanna say one word to you.. just one word.firebug .or you could just mind your 'action'


Level 1 :

The title says "Another Idiot Test", so I looked for hidden clues in the source code and found the encrypted text used below further down in the source.


A wild guess that ROT13 might help made me try the following:


deva@deva-desktop:~$ echo fnirorreqevaxjngre  | tr 'a-zA-Z' 'n-za-mN-ZA-M' 
savebeerdrinkwater


Well, it looked interesting, so I tried it as the password and yes, I got lucky again :)

Hint :  Dig Deep to find the Treasure

Level 2:

No hints were provided and no guides were available, which made me wonder a lot about what was expected. Several Google searches about the image placed on the page turned out to be of no use :(

After a long time searching, I looked into the code again and found the second comment:
application/x-httpd-php-source
So I started focusing on x-httpd-php-source, and all the Google searches led me to php and phps files. That made me think phpS could be a clue, so I tried to reach level-2-proc.phps. Lucky me again :)


if($_POST['password'] == "microsoftisnteviltheyjustmakereallycrappyoperatingsystems")
Well, what more to do other than try the newly found Level 2 password? Time to move to Level 3.

Hint :elePHPant arriveS - Courtesy PHPCamp Pune'11(Hint published loooooooong after I cleared off the level, late late hint :D)


Level 3:

my lisa, SmIth and me, Playing a game of words with thee,
Go eat your shorts you worm, as we lost to your fake treachery

The "my lisa" trivia made me narrow it down to Melissa, since they have also mentioned a worm and Melissa fits properly. A simple Google search landed me on the Wikipedia page for Melissa, and the author name looked interesting:
Kwyjibo. Yes, you guessed it right, it's the password to Level 4.


Level 4: 

Script It!

First Number = 0 Second Number = 0 
Answer = First Number + Second Number + Previous Answer + Product of First Number and Second Number
After This ==> First Number + 1 & Second Number + 2
Final Answer will be the value of 'Answer' when First Number = 31337

Digging into the source gave me U3RhcnQgd2l0aCBQcmV2aW91cyBBbnN3ZXIgPSBGMQ==
A quick online Base64 decoder gave me the hint in clear text: "Start with Previous Answer = F1". Searching for a value of F1, I first looked at ASCII values and later landed on F1 racing, which gave 241 as the maximum speed reached by McLaren.

So here is the Python code which moved me on to Level 5 with ease.

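# Python 3
fn=0        # First Number
sn=0        # Second Number
pr_an=241   # Previous Answer, starting value taken from the "F1" hint
ans=0
# 31338 passes: the last one computes Answer with First Number = 31337
for i in range(1,31339):
    ans=(fn+sn+pr_an)+(fn*sn)
    pr_an=ans
    fn+=1
    sn+=2

print(ans)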

Running the script gave me 20517902536450 which helped me reach Level 5.

Hint : Handicapped, am I?
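
The source-reading done by hand in Levels 0, 1, 2 and 4 can be turned into a review check for what a page's markup gives away before it goes live. This is an added example, not code from the original writeup: the sample HTML is constructed, and placing the Level 1 and Level 4 strings inside HTML comments is an assumption (the post only says they were found in the source).

```python
import base64
import binascii
import codecs
import re
from html.parser import HTMLParser

# Constructed sample page: the markup is invented for this example; only the
# form action and the three strings in the comments come from the writeup.
SAMPLE_HTML = """
<html><body>
<form method="post" action="level-0-proc.php">
</form>
<!-- fnirorreqevaxjngre -->
<!-- application/x-httpd-php-source -->
<!-- U3RhcnQgd2l0aCBQcmV2aW91cyBBbnN3ZXIgPSBGMQ== -->
</body></html>
"""

class LeakFinder(HTMLParser):
    """Collects form actions and HTML comments, where the levels hid their clues."""
    def __init__(self):
        super().__init__()
        self.actions, self.comments = [], []

    def handle_starttag(self, tag, attrs):
        if tag == "form":
            self.actions += [v for k, v in attrs if k == "action" and v]

    def handle_comment(self, data):
        self.comments.append(data.strip())

def decode_candidates(text):
    """ROT13 is always reported; Base64 only when it decodes to printable ASCII."""
    out = {"rot13": codecs.encode(text, "rot_13")}
    if re.fullmatch(r"[A-Za-z0-9+/]+={0,2}", text) and len(text) % 4 == 0:
        try:
            decoded = base64.b64decode(text, validate=True).decode("ascii")
            if decoded.isprintable():
                out["base64"] = decoded
        except (binascii.Error, UnicodeDecodeError):
            pass  # looked like Base64 but was not text
    return out

def audit(html):
    """Return every form action and each comment with its candidate decodings."""
    finder = LeakFinder()
    finder.feed(html)
    return {"actions": finder.actions,
            "comments": {c: decode_candidates(c) for c in finder.comments}}
```

Anything `audit()` reports is visible to every visitor, so a handler name, a MIME-type note or a lightly encoded string in the markup should be treated as public.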

Time for rest now. Will be back later for Levels 5-12.

1 comment:

Anant Shrivastava said...

http://blog.anantshri.info/hack-im-walk-through-nullcon-2011/

Check this for the complete writeup on Nullcon HackIM levels.