domingo, 3 de marzo de 2013

Nullcon 2013 BattleUnderground - Misc 1&2 Write up

Misc 1

The statement on this level was: "Who wrote the private key on whiteboard just by looking at the public certificate?"

A quick search in Google with the following keywords "whiteboard private key certificate" was all I needed to solve this level.

The first result with the a comment from Radu Grigore gave me the answer:

"During his own Google interview, Jeff Dean was asked the implications if P=NP were true. He said, "P = 0 or N = 1." Then, before the interviewer had even finished laughing, Jeff examined Google’s public certificate and wrote the private key on the whiteboard."

The flag for this level was: "Jeff Dean".

Misc 2

In this level we were provided with an .img file: 8cb94a0d097f0fc0b34fe9729c6ce11c.img

First thing to do is to use binwalk to see what is inside:

ncr@poxyran:~/Desktop/nullcon$ binwalk 8cb94a0d097f0fc0b34fe9729c6ce11c.img

223255        0x36817       LZMA compressed data, properties: 0x01, dictionary size: 33554432 bytes, uncompressed size: 16777216 bytes
224263        0x36C07       LZMA compressed data, properties: 0x01, dictionary size: 33554432 bytes, uncompressed size: 723517440 bytes
4195328       0x400400      gzip compressed data, from Unix, last modified: Mon Feb 18 03:23:14 2013
8388608       0x800000      Linux EXT filesystem, rev 1.0 ext3 filesystem data, UUID=e3362b15-1b48-47a3-80bb-134ffd3ffd3f

There is an EXT filesystem inside plus a gzip file and two LZMA compressed streams. Let's first extract the gzip using dd:

ncr@poxyran:~/Desktop/nullcon$ dd if=8cb94a0d097f0fc0b34fe9729c6ce11c.img of=elgzip.tar.gz skip=4195328 bs=1 count=4193280

Why I extracted the gzip file first? Well, that's because I first used the strings utility over the .img file and this is what I found:

ncr@poxyran:~/Desktop/nullcon$ strings 8cb94a0d097f0fc0b34fe9729c6ce11c.img | less


Inside the gzip file there was a file called Key.txt file. Extracting and opening the Key.txt gave us the flag:

No hay comentarios: