[Juniors CTF 2016] [Network 500 – Disco dancer] Write Up

Description

Do you want to go to Stan`s party?
Entrance free.
But you need a flyer.
Everyone wants to come. Most of the flyers have already been taken.
But Dipper promised to get one for you.
Just wait him at …., react to the knock echo request, and he will slip it under the door under discard service

Resolution

Filtering ICMP packets on the VPN we got:

10.3.0.1  -> 10.3.4.78 | Timestamp request   //from the gateway
10.3.4.78 -> 10.3.0.1  | Timestamp reply     //our response
10.3.0.1  -> 10.3.4.78 | 51571 -> 9 [SYN]    //gateway is trying to connect to port tcp/9

We managed to listen with a simple python script:

#!/usr/bin/python

import socket
import sys

sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
server_address = ('0.0.0.0', 9)
sock.bind(server_address)
sock.listen(1)

while True:
    connection, client_address = sock.accept()
    try:
        while True:
            data = connection.recv(16)
            if data:
                print >>sys.stderr, %s % data.rstrip('\n'),
            else:
                break
    finally:
        connection.close()

Then running the script:

sudo python server.py
Get the Flag: 
QYJZYkrdqL7KdBhCNJXNCky1eaV3ZUbMr38ktSwQZi1kW6uI6w9i5A27RUit9JUZ

Flag was QYJZYkrdqL7KdBhCNJXNCky1eaV3ZUbMr38ktSwQZi1kW6uI6w9i5A27RUit9JUZ

Leave a Reply

Your email address will not be published. Required fields are marked *