Sweet! We have another flag, as well as clues. Here, we can use a technique called “port knocking”, where we attempt to connect to certain closed ports, hence knocking. Since port 143 is closed, we need to open it. Great! Time to continue with the main flags. Select * from temple_of_the_faceless_men Ĭity of Braavos Flag: 3f82c41a70a8b0cfec9052252d9fd721 Psql -h 192.168.121.130 braavos TheRedWomanMelisandre Finally, log in as that user to the Braavos database, with the password ValarMoghulis. First, check the books contents again, then look for the missing number in the kill list. THE MANY FACED GOD WANTS YOU TO CHANGE YOUR FACE HE WANTS YOU TO IDENTIFY AS ONE OF YOUR KILL LIST SELECT IT BASED ON THIS BOOKS LOST PAGE NUMBER THE DATABASE TO CONNECT WILL BE BRAAVOS AND YOUR PASSWORD WILL BE VALARMORGHULIS Select: Try to decrypt automatically (statistical analysis) Dro nkdklkco dy myxxomd gsvv lo lbkkfyc kxn iyeb zkccgybn gsvv lo: FkvkbWybqrevsc Covomd sd lkcon yx drsc lyyu’c vycd zkqo xewlob. Ro gkxdc iye dy snoxdspi kc yxo yp iyeb usvv vscd. So, let us see what the DB reveals.ĭro wkxi-pkmon qyn gkxdc iye dy mrkxqo iyeb pkmo. The map shows a flag for the City of Braavos. User/pass combination: you must be able to open the gates.īefore proceeding, let us see if there are any other hints or flags in the database. Kingdom of the Mountain and the Vale Flag: bb3aec0fdcdbc2974890f805c585d432 Time to decode.Įcho “TmljZSEgeW91IGNvbnF1ZXJlZCB0aGUgS2luZ2RvbSBvZiB0aGUgTW91bnRhaW4gYW5kIHRoZSBWYWxlLiBUaGlzIGlzIHlvdXIgZmxhZzogYmIzYWVjMGZkY2RiYzI5NzQ4OTBmODA1YzU4NWQ0MzIuIE5leHQgc3RvcCB0aGUgS2luZ2RvbSBvZiB0aGUgUmVhY2guIFlvdSBjYW4gaWRlbnRpZnkgeW91cnNlbGYgd2l0aCB0aGlzIHVzZXIvcGFzcyBjb21iaW5hdGlvbjogb2xlbm5hdHlyZWxsQDdraW5nZG9tcy5jdGYvSDFnaC5HYXJkM24ucG93YWggLCBidXQgZmlyc3QgeW91IG11c3QgYmUgYWJsZSB0byBvcGVuIHRoZSBnYXRlcw=” | base64 –decode & echo ” ” Grant all privileges on all tables in schema public to robinarryn Psql -h 192.168.121.130 mountainandthevale robinarryn Command line should be used on that kingdom – Talisa Maegyr The credentials to access to the Mountain and the Vale kingdom are: Iron Islands Flag: 5e93de3efa544e85dcd6311732d28f95Įnter ‘ in the search bar -> Click on “File Manager”Īt first I thought about clicking away on the file system, but it was unresponsive. The Iron Islands are touted as a DNS server, and so we must query the server’s DNS txt record to get to the next step. Since it is clearly giving us the path, it looks like we are going to have to edit our hosts file. Hashcat-legacy -m 3610 -a 0 hash /usr/share/wordlists/rockyou.txt We are going to have to use hashcat-legacy in order to crack the hash.Įcho “6000e084bf18c302eae4559d48cb520c:2hY68a” > hash Oberynmartell : A_verySmallManCanCastAVeryLargeShad0wĭorne Flag: fb8d98be1265dd88bac522e1b2182140Īpparently we are going to have to crack the hash in order to decrypt the_wall.txtĪ search on Google reveals the following: We now have the full set of FTP credentials. Search for more potentially hidden directories:ĭirb -N 500 -S /usr/share/dirb/wordlists/big.txt Sweet! We found our first flag? Now we have to figure out what to do with it. We are missing the password, which the savages hold, and the savages are related to the music found in the main page. We already have the username for entry to Dorne. Our first flag will be found via the FTP service, or Dorne. We now have the layout of how to approach this game, as well as clues. We get several hints, including a username and potentially a password. First, set the User-Agent to “Three-eyed-raven” and then explore the options. For those who are reading my blog as they prepare for the OSCP, this is a great way to train. Although the CTF might be somewhat easy for those who have, say, passed the OSCP, it is still a lot of fun. I had a tremendous amount of fun completing this. Compromising applications, services, and breaking encryption is all part of the game. The CTF has players find 11 flags, scattered throughout the Game of Thrones (GoT) world. What follows is a write-up of a Capture The Flag (CTF) game, Game of Thrones 1.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |