Investigation

We’re told that admin will visit our page with the flag, so we just need to submit something that we control so that we can watch the traffic come to our server.

Being the fond Hackers (1995) fan that I am, I’ll use my playground vps, gibson.zerocool.io to serve up a file that we can sniff traffic on. I’m using the gibson subdomain because I have ssl enforced on zerocool.io and wasn’t sure if tshark would be able to read the content as it came in, or if it would just show up as ssl packets.

Instead of sniffing all our traffic though, let’s get the IP address that imagelover will likely be coming from.

dig a hack.bckdr.in

Solution

From here we now have what we need to fire up tshark and listen to the traffic coming into the server.

root@gibson:/home/dade# tshark -i eth0 -x host 188.166.184.216

Now that the sniffer is running, we submit http://gibson.zerocool.io to the imagelover input.

Running as user "root" and group "root". This could be dangerous.
Capturing on 'eth0'

[Packet Capture omitted. Do it yourself :)]

Flag

This challenge is hosted permanently at Backdoor, so go find the flag yourself!

Botch

Security

Recent Posts

Links

Jun 5, 2016 - backdoorctf16 : Imagelover

Investigation

Solution

Flag