Open in app

Sign in

Write

Sign in

Kuya CTF

Robert Canare
4 min readApr 23, 2019

I thought this challenge is made by the fellow Filipino hacker, Kuya means Oldest brother or used by the strangers.

Let’s begin.

Know the drill mate.

Where are the Trolls spongie?

Upon checking the source of the web page I saw the /loot directory.

And it contains four images.

I downloaded the four images by wget’ing those.

And I examined the 1.jpg using steghide and extract the possible embedded file on the image file without any passphrase.

Ohh there’s a base64 .txt file. :)

I cracked the base64 .txt file using online tools.

I tried extracting the 2nd image using the same tools.

Ohh there’s a brain fuck something .txt file, I know I can crack it using some online tools.

I cracked the 2nd image as well using some online tools and I got the first flag.

I stuck a little bit on the 3rd image they ask for the passphrase.

And I extract the 4th image and I got a .pcapng file.

Extracting the last image and I got another .txt file.

I examined the .pcang using wireshark.

And I found these request on port 7777/loot.7z file.

Upon googling I found a way how to export the loot.7z file.

There is an SSH RSA file, but it asking for Password.

I converted the .7z hash to john format using 7z2john tools.

And cracked it using john with a rockyou.txt wordlist.

And convert the id_rsa to john format for me to able to crack it.

Using ssh2john I converted the key to john format.

And cracked it using a rockyou.txt wordlist.

I Checked the public key for username and hostname.

And I added the hostname to my /etc/hosts file to resolve it.

And successfully SSH’ing the target machine.

And I found the second flag on /test/.ssh.

By catting /var/www/html/wordpress/wp-config-sample.php I got Kuya’s password.

And got the third flag on the home directory.

I found some the tar command compressing the /etc/shadow and save it home directory? haha

I tried the command on my self to see if I can compress the /root directory.

Extracting shadow.tar and it’s show’s shadow file. :)

I tried it to compress the /root directory.

And I got the M3m3L0rd.txt file.

I think this is the last flag?

lol.

Hi friend messages me on:

Twitter:https://twitter.com/robertcanare
Linkedin:https://www.linkedin.com/in/robert-john-canare/ Facebook:https://www.facebook.com/canarerobertjohn

Hacking
Ctf
Hacker
Capture The Flag
Pinoy

--

--

Robert Canare

Written by Robert Canare

25 Followers

I’m just curious on everything.

Help

Status

About

Careers

Blog

Privacy

Terms

Text to speech

Teams