The CTF wanted to cover basics in the beginning where people not only see but observe. On loading the system we notice that there is a web application hosted on it. The application was a wordpress application. Things to note about it are:
- readme.html was still present to give us version information
- the wordpress site was out of date
- the instance had one user hacker123
The one thing most people overlook however before going in to direct offense is the robots.txt file. Reading this file showed some interesting entries.
As is seen there are two interesting elements.
- loot.dic – A dictionary file which we download
- Key 1 of 3 – Jackpot one is in
All we need to do now is read key 1 of 3 as below:
The key is not in plaintext, we notice its encoded in between the callibraces which denote a function, which in this troll’s case the function is:
RobotsRPeople2. All we need to clear this now is decode the text to get the first key. The key is base64 encoded which is easy to decode, it is definitely not hex encoding as we can see it doesn’t follow the convention of only using characters between {0-9,A-F}. The key is decoded as below:
And there we have it first key is :
robotsRpeople2AfricaHackonKey1