English [9447 CTF 2015] [Recon 140 – Recon 1] Write Up


Someone has attacked your site. Find their full name.

This task is split into two parts. This is a reward for getting half way.


The file contains an access log.
By browsing it we found an interesting line: - - [15/Nov/2015:16:28:11 +0000] "GET /admin HTTP/1.1" 200 283 "-" "curl/7.35.0"

We opened the website and we got a nice :

go away

OK… 🙁
We chose to look the reverse IP of the server, maybe the server is listening to another virtual host ? www.williestoleyour.pw

Great! It worked 🙂
Seeking for a while what we can do, sending mails, etc. but nothing, we were stuck.

We tried to check if the website was cached in a previous state/version with WebArchive:

Yeah, it was the case !
The only thing which changed was the email on the website:

Current: info@williestoleyour.pw
Previous: info@dynamiclock.pw

Browsing to the new host www.dynamiclock.pw found we got the flag 🙂

Flag was : 9447{YouAreStalKey}.

Leave a Reply

Your email address will not be published. Required fields are marked *