SpyderSec Challenge Write Up { MSF }

Hello everyone! Nice to meet you. Today we (133730, System, 404) are trying to solve the SpyderSec Challenge from VulnHub. It is a really nice challenge, and we gained new experience with TrueCrypt. We want to share what we learned from this challenge, so here is the write-up 🙂

SpyderSec Lab Welcome Screen

First, we need to find the IP of the target. So we start by finding our own IP with the ifconfig command.

Now our IP is , and next we scan the whole network with an nmap ping scan.
nmap -sn

Now we see all the IPs on the network and which hosts are up.
network scan with nmap

Now we know the target IP, which is . To find out what services are running on this IP, we use nmap again, this time with version detection.
nmap -sV
target ip scan

You will see two ports in the scan. SSH on port 22 is closed, but the web service on port 80 is running. So the website is running on this IP ( ). Open the IP in the web browser.
web browser

Yeah! Now we see the website to pentest. Usually we check everything on the website (file names, directories, links), but we didn't find anything that way. We just see some text on the main page and 3 photos. We know we need to check the source code carefully.
source code

We found a JavaScript eval function in the source code and wanted to know what it does. So we need to unpack this eval'd JS function. We searched for a JavaScript unpacker on Google and selected this website.


Eval code in JavaScript

eval(function(p,a,c,k,e,d){e=function(c){return c.toString(36)};if(!''.replace(/^/,String)){while(c--){d[c.toString(a)]=k[c]||c.toString(a)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('7:0:1:2:8:6:3:5:4:0:a:1:2:d:c:b:f:3:9:e',16,16,'6c|65|72|27|75|6d|28|61|74|29|64|62|66|2e|3b|69'.split('|'),0,{}))

Unpacking the above JS code, we get a result made of hex values.
javascript unpacker

Resulting hex value

Converting hex to characters in Hackbar
hex to character

After changing the hex values to characters, we get a clue: " alert('mulder.fbi'); ".
clue of challenge
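The same two steps (unpacking the eval, then turning the hex list into text) done offline in Node.js, as an added example that is not code from the original write-up. The packer's substitution loop is re-implemented as a pure function that returns the decoded source instead of passing it to eval(), so the payload can be read without running it; that is the habit to keep whenever an eval() wrapper shows up in page source. The packed string and word list are the ones from the page's eval call; the function names are my own.

```javascript
// Added example, not from the original write-up. Re-implements the
// p,a,c,k,e,d unpacker as a pure function: the same token substitution the
// packer performs, but the decoded source is returned instead of eval'd.
// The parameter names p, a, c, k mirror the packer's own signature.
function unpackPacked(p, a, c, k) {
  // Build the dictionary the packer builds: base-`a` token -> word.
  // A Map avoids prototype keys (e.g. "constructor") matching by accident.
  const dict = new Map();
  let i = c;
  while (i--) {
    dict.set(i.toString(a), k[i] || i.toString(a));
  }
  // One pass over every word token, as the packer's final loop does.
  return p.replace(/\b\w+\b/g, (tok) => (dict.has(tok) ? dict.get(tok) : tok));
}

// Turn a colon-separated list of hex bytes (the unpacker's output) into text,
// the step the write-up did in Hackbar.
function hexToAscii(hexList) {
  return hexList
    .split(':')
    .map((h) => String.fromCharCode(parseInt(h, 16)))
    .join('');
}

// The exact arguments from the eval() call in the page source.
const PACKED_SOURCE = '7:0:1:2:8:6:3:5:4:0:a:1:2:d:c:b:f:3:9:e';
const PACKED_WORDS = '6c|65|72|27|75|6d|28|61|74|29|64|62|66|2e|3b|69'.split('|');

// Runs both stages and returns the intermediate hex list and the final text.
function decodeSpyderSecClue() {
  const hex = unpackPacked(PACKED_SOURCE, 16, 16, PACKED_WORDS);
  return { hex, text: hexToAscii(hex) };
}

console.log(decodeSpyderSecClue());
```

Running it prints the hex list followed by alert('mulder.fbi');, the same clue the online unpacker and Hackbar produced.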

We had no idea how to continue. After thinking for 15 minutes, we decided to look at the website's HTTP response (you can use Burp, but here we used Firebug). Viewing the headers, we found the next clue in the cookie value: a new directory.
cookies value

Check the directory in the web browser.
But we get Forbidden for this directory. Let me think again about the first clue: is mulder.fbi a file? Read the challenge description again.
It says you need to download a file for the first flag.

Yes. Request the file name (mulder.fbi) under the forbidden directory.
The full path of the link is
download video

After downloading mulder.fbi and watching the video: it is a really nice old song :D. I think the flag is in this video file, but no idea how.
I sent a message to SpyderSec: "I got the video file; what do we continue with?". They replied "Nice job getting the first flag. Interrogate the file… determine if it is just an MP4 or something more. Good luck!". We thank them so much for the hint. After searching on Google for hiding files in a video, we found the TrueCrypt method. So we need to open the downloaded file with TrueCrypt.

When we mount the video file (mulder.fbi) with TrueCrypt, it asks for a password.
password prompt in TrueCrypt

Time to search the site again for the password. Check all the images and the source code again.
We use exiftool for more details about the images, and download Challenge.png.
Challenge images

Opening Challenge.png with exiftool, we get a hint: a hex value in the Comment field.

Copy this hex code and hex-decode it twice.

We get a base64 result. After decoding the base64 result,

we get the password of the TrueCrypt file.

Copy the password "A!Vu~jtH#729sLA;h4%" and paste it into TrueCrypt.
truecrypt with password

Bingo! Now we get the final flag.txt file.

Video on Youtube

Thanks a lot to SpyderSec for the nice challenge, and thanks to all our MSF members.
Cheers! [email protected]!