Mirage - Miscellaneous
Let’s visit the link and see what they have for us.
Looking at it plainly, we can see it’s just a website. Let’s look at the page source.
A small part of the page source
While casually reading the page source, I saw the word ROBOTS hidden in the website, so I thought of checking whether there is a robots.txt file on it, and there is.
So, there are a few directories listed in it. I saved them all in a separate text file.
saved text file from robots.txt
I had a feeling that most of them would be 404s and rabbit holes, so I fired up Burp Suite to use Intruder and brute-force those directories.
the captured request which is sent to Intruder
adding the payload position in Intruder
The saved directories are used as payloads to brute-force
As we can see, only certain directories gave 200 status codes. Let’s look at them one by one.
At first, we are gonna see /flag.txt.
So there are certain characters given as the flag. Let’s use CyberChef to find what it is.
Of course it is a rabbit hole to troll us 😐. Well, it’s not going to be that easy. Let’s look at the second one /flag1.txt.
So, they have given some gibberish. If you read the hint, “Rot Rot Everwhere but not a single Rot to see”, we know that we should use Caesar Cipher. I use cryptii.com, but you can use any website you prefer.
Caesar cipher result
Another rabbit hole 😑. Let’s see the next one /wordlists.txt.
They have given a wordlist saying this will help us later. So, I saved it in a separate file. Now to the last one /ok.txt.
Another hint. In this they have given a directory which is encrypted using Caesar Cipher (/uncclzrny.wct). Let’s use cryptii again.
decoding using cryptii
We have found the plaintext which is happymeal.jpg. Let’s see what is in it.
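The same decoding can be done offline. The following is an added example, not part of the original write-up: it tries every Caesar shift on the path from /ok.txt and keeps the results that end in a recognisable file extension. The function names and the extension list are assumptions made for illustration.

```python
import string

# Assumed list of extensions worth recognising; not taken from the challenge.
KNOWN_EXTENSIONS = (".jpg", ".png", ".gif", ".txt", ".zip", ".php")


def caesar_shift(text: str, shift: int) -> str:
    """Rotate ASCII letters by `shift`; '/', '.', digits etc. are left untouched."""
    out = []
    for ch in text:
        if ch in string.ascii_lowercase:
            out.append(chr((ord(ch) - ord("a") + shift) % 26 + ord("a")))
        elif ch in string.ascii_uppercase:
            out.append(chr((ord(ch) - ord("A") + shift) % 26 + ord("A")))
        else:
            out.append(ch)
    return "".join(out)


def plausible_paths(ciphertext: str, extensions=KNOWN_EXTENSIONS):
    """Return [(shift, plaintext)] for each shift whose result ends in a known extension."""
    hits = []
    for shift in range(1, 26):
        candidate = caesar_shift(ciphertext, shift)
        if candidate.lower().endswith(extensions):
            hits.append((shift, candidate))
    return hits


if __name__ == "__main__":
    # The encoded path given in /ok.txt.
    for shift, path in plausible_paths("/uncclzrny.wct"):
        print(f"shift {shift:2d}: {path}")
```

Only one of the 25 shifts produces a path with a known extension, which shows why a Caesar shift hides nothing: the whole key space can be checked instantly.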
If you visit the link https://mirage.ctf.intigriti.io/happymeal.jpg this image is shown. Let’s visit /HelpMeOut.txt.
Finally 😀. They have given a link to download the flag.zip file. Let’s download and extract it.
The zip file is password protected. We need to use the wordlist wordlists.txt to find the password. We are gonna use john to crack the zip file. First let’s make a file which is compatible for john to crack using zip2john and crack the file using wordlists.txt.
cracked password using john
So we have found the password, which is Soeasypeasy214. Now use the password to open the flag.txt and BOOM! We got the flag.
So this is how I solved the Mirage challenge. Hope you guys like this blog. Make sure to show your support by applauding and sharing the blog with your fellow hackers and tech geeks. Let’s see you in another blog, until then PEACE OUT ✌️