We came across a leaked binary executable used by the Roscosmos to communicate with International Space Station. But it seems the executable is keeping on crashing.
Your mission is to find a way around it.
On executing the provided executable, they will ask you to input the country’s name.
Since Russia is the country where the challenge is hosted, we should add it as the country.
Once it is given, the application crashes and won’t exit, as shown below.
On capturing the network traffic using Wireshark, we can observe a connection from the local machine to a Public IP 184.108.40.206 with port 31337.
And on connecting the server using Netcat, a banner with instructions is given, which asks to enter the username.
Once the username ‘kipchoge’ (from “Hello kipchoge” in the first prompt) is given, the server returns a JSON, as shown below.
On inspecting the values in JSON, every value has a common string as the first part.
The value QzBDME4ybzJJY2YK989afb4e4cf94df0 can be separated into two parts, each 16-bit string. And QzBDME4ybzJJY2YK is the same for all the 20 values provided in the JSON.
This string is a base64 encoded string. On decoding this, you will get a value, C0C0N2o2Icf, which is the secret key mentioned in the banner.
For the sake of time, let us keep that aside.
As per the instruction given in the banner, “to find the password, you need to get the key from the JSON given below, and XOR it using the secret key, and then encode the XORed value to base64.”
Given below is the python script to do both the functions and send it over to the server.
By giving the encoded values, the server will provide the flag, as shown below.
Automated human-like penetration testing for your web apps & APIs
Teams using Beagle Security are set up in minutes, embrace release-based CI/CD security testing and save up to 65% with timely remediation of vulnerabilities. Sign up for a free account to see what it can do for you.