Hello, everyone! Nice to meet you. Today we (133730, System, 404) are going to solve the SpyderSec challenge from VulnHub. It is a really nice challenge, and it gave us new experience with TrueCrypt. We want to share what we learned, so here is our write-up 🙂
SpyderSec Lab Welcome Screen
First, we need to find the IP of the target. To do that, we check our own IP with the ifconfig command.
Our IP is 192.168.0.106, so next we scan the whole network with nmap.
nmap -sn 188.8.131.52/24
Now we see all the IPs on our network whose host is up.
The target IP is 192.168.0.108. To find out what services are running on this IP, we use nmap again.
nmap -sV 192.168.0.108
You will see two ports. SSH port 22 is closed, but the web service on port 80 is running. So a website is running on this IP (192.168.0.108). Open the IP in the web browser.
Yeah! Now we have a website to pentest. As usual, we checked everything (file names, directories, links) on the website but found nothing. We only see some text and 3 photos on the main page, so we need to check the source code carefully.
Unpacking the JS code in the page source gives a hex value.
Result Hex value
Change Hex to Character in Hackbar
After changing the hex value to characters, we get a clue: "alert('mulder.fbi');".
We had no idea how to continue. After thinking for 15 minutes, we decided to look at the website's HTTP response (you can use Burp, but here we use Firebug). Viewing the headers, we found the next clue in the cookie value: a new directory.
Check the directory http://192.168.0.108/v/81JHPbvyEQ8729161jd6aKQ0N4/ in the web browser.
But the browser shows Forbidden! for this directory. Let's think: is the first clue, mulder.fbi, a file? We read the challenge description again.
The description says we need to download a file for the first flag.
Yes. So we try the file name (mulder.fbi) in the forbidden directory.
The full path of the link is http://192.168.0.108/v/81JHPbvyEQ8729161jd6aKQ0N4/mulder.fbi
After downloading the mulder.fbi file, we watched the video. It is a really nice old song :D. We thought the flag was in this video file, but had no idea how to find it.
We sent a message to SpyderSec: "I got the video file and what we continue." They replied: "Nice job getting the first flag. Interrogate the file… determine if it is just an MP4 or something more. Good luck!" Thanks so much for the hint. After searching Google for ways to hide a file in a video, we found the TrueCrypt method. So we need to open the downloaded file with TrueCrypt.
When we mount the video file (mulder.fbi) with TrueCrypt, it asks for a password.
Time to search the site again for the password. We checked all the images and the source code again.
We use exiftool to get more details about the images. We download Challenge.png.
Opening Challenge.png with exiftool, we find a hex value in the Comment field as a hint.
Copy this hex code and hex-decode it 2 times.
The result is base64. After decoding the base64 result,
we get the password for the TrueCrypt file.
Copy the password "A!Vu~jtH#729sLA;h4%" and paste it into TrueCrypt.
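The decoding chain described above (hex decoded twice, then base64), as an added Python example that is not part of the original write-up. The Comment value itself is not reproduced on this page, so the sample input is constructed by re-encoding the password quoted above; all function names are hypothetical.

```python
import base64
import binascii
import string

HEX_CHARS = set(string.hexdigits)
B64_CHARS = set(string.ascii_letters + string.digits + "+/=")

def peel_once(text):
    """Return (layer_name, decoded_text), or None if no encoding layer applies."""
    s = "".join(text.split())  # ignore whitespace and line breaks inside the value
    # Test hex first: hex digits are a subset of the base64 alphabet.
    if s and len(s) % 2 == 0 and set(s) <= HEX_CHARS:
        name, raw = "hex", bytes.fromhex(s)
    elif s and len(s) % 4 == 0 and set(s) <= B64_CHARS:
        try:
            name, raw = "base64", base64.b64decode(s, validate=True)
        except binascii.Error:
            return None
    else:
        return None
    try:
        decoded = raw.decode("ascii")
    except UnicodeDecodeError:
        return None
    # Accept a layer only if it yields printable text; otherwise stop peeling.
    if not decoded or any(c not in string.printable for c in decoded):
        return None
    return name, decoded

def peel_all(text, max_layers=10):
    """Peel layers until nothing decodes; return (layer_names, final_text)."""
    layers = []
    for _ in range(max_layers):
        step = peel_once(text)
        if step is None:
            break
        layers.append(step[0])
        text = step[1]
    return layers, text

def wrap_like_comment(secret):
    """Constructed sample input: base64, then hex, then hex again."""
    b64 = base64.b64encode(secret.encode("ascii"))
    return b64.hex().encode("ascii").hex()

if __name__ == "__main__":
    sample = wrap_like_comment("A!Vu~jtH#729sLA;h4%")  # password quoted on this page
    print(sample)
    print(peel_all(sample))
```

The decoder stops at the first value that is neither hex nor base64, so a plaintext that happens to use only those alphabets would be peeled one layer too far; check the reported layer list against what you expect.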
Bingo! Now we get the final flag.txt file.
Thanks a lot to SpyderSec for the nice challenge, and thanks to all our msf members.