Level 14

Url: http://ctf.infosecinstitute.com/levelfourteen.php
Description: Do you want download level14 file?
Bounty: $140

Solution:
Download the file and after identify the file with “find” command line in linux, the file is ascii file type, the file contain phpmyadmin SQL dump.

level14

After scroll looking for interesting part, I found one

--
-- Dumping data for table `friends`
--

INSERT INTO `friends` (`id`, `name`, `address`, `status`) VALUES
(102, 'Sasha Grey', 'Vatican City', 'Active'),
(101, 'Andres Bonifacio', 'Tondo, Manila', 'Active'),
(103, 'lol', 'what the???', 'Inactive'),
(104, '\\u0069\\u006e\\u0066\\u006f\\u0073\\u0065\\u0063\\u005f\\u0066\\u006c\\u0061\\u0067\\u0069\\u0073\\u005f\\u0077\\u0068\\u0061\\u0074\\u0073\\u006f\\u0072\\u0063\\u0065\\u0072\\u0079\\u0069\\u0073\\u0074\\u0068\\u0069\\u0073', 'annoying', '0x0a');

-- --------------------------------------------------------

“\\u0069” strings is a unicode, u0069 means is Small Latin char ‘i’, Let’s decode all the unicode char, I’m using this online tools.

level14flag

The flag is: infosec_flagis_whatsorceryisthis

Reference and Tools
1. Unicode – http://unicode.org
2. Unicode online tools – http://rishida.net/tools/conversation/
3. http://unicode.org/cldr/utility/character.jsp?a=0069

0 comments