Level 13

Url: http://ctf.infosecinstitute.com/levelthirteen.php
Description: What the heck happened here? It seems that the challenge here is gone?
Can you find it? Can you check if you can find the backup file for this one?
I’m sorry for messing up
Bounty: $130

Solution:
At first I was very confused by this challenge. After reading the description a couple of times, I tried to get a backup of levelthirteen.php. I tried levelthirteen.php.bak and levelthirteen.php.backup, which did not seem to work. Then I tried levelthirteen.php.old and, voilà, I downloaded the file and viewed the source code:

<div class="hero-unit lvlfour">

<h1>
What the heck happened here? It seems that the challenge here is gone?
Can you find it? Can you check if you can find the backup file for this one?
I'm sorry for messing up :(

</h1>
<?php

/* <img src="img/clippy1.jpg" class="imahe" /> <br /> <br />

<p>Do you want to download this mysterious file?</p>

<a href="misc/imadecoy">
<button class="btn">Yes</button>
</a>

<a href="index.php">
<button class="btn">No</button>
</a>
*/
?>
</div>

Then I tried to download imadecoy, which is linked in the source code above; the file is a pcap file.

Let's open it with Wireshark. After opening the pcap file, go to File -> Export Objects -> HTTP, then press the “Save All” button and choose the location to save to.

You can see all the files that result from the object export.

I opened all the image files, then found a flag in the HoneyPy.PNG file.

The flag is: infosec_flagis_morepackets
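
The first step worked because a copy of levelthirteen.php with an extra .old suffix was left in the web root, where it was served as a download instead of being executed. As an added example (not part of the original write-up), here is a check a site owner can run over their own document root to find such leftovers; the suffix lists, function names and sample tree are assumptions constructed for illustration.

```python
import os
import tempfile

# Assumed lists for illustration; extend them to match your own stack.
SCRIPT_EXTS = (".php", ".phtml", ".inc", ".jsp", ".aspx")
BACKUP_SUFFIXES = (".bak", ".backup", ".old", ".orig", ".save", ".swp", "~")


def find_backup_leftovers(docroot):
    """Return sorted docroot-relative paths of files named like a backup copy
    of a server-side script (levelthirteen.php.old, config.php~, ...)."""
    hits = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            lower = name.lower()
            for suffix in BACKUP_SUFFIXES:
                stem = lower[: -len(suffix)]
                # The extra suffix usually keeps the script handler from
                # running the file, so its source is served as static content.
                if lower.endswith(suffix) and stem.endswith(SCRIPT_EXTS):
                    rel = os.path.relpath(os.path.join(dirpath, name), docroot)
                    hits.append(rel.replace(os.sep, "/"))
                    break
    return sorted(hits)


def demo():
    """Build a constructed sample tree in a temp dir and scan it."""
    sample = [
        "levelthirteen.php",        # live script: fine
        "levelthirteen.php.old",    # the kind of file found in this level
        "admin/config.php~",        # editor backup
        "img/logo.old",             # not a script copy: ignored
        "misc/notes.txt",
    ]
    with tempfile.TemporaryDirectory() as root:
        for rel in sample:
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write("constructed sample\n")
        return find_backup_leftovers(root)


if __name__ == "__main__":
    for leftover in demo():
        print(leftover)
```

Anything the scan reports should be moved out of the document root; a server rule that denies requests for these suffixes is a useful second layer.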

Reference and Tools:
1. Wireshark – http://www.wireshark.org
2. Pcap – http://en.wikipedia.org/wiki/Pcap
3. Linux command line
