# Mirage
Hi Everyone. This time I played 1337up CTF by Intigriti and my team TamilCTF placed 10th in it 😊. Let me show how I solved one of the challenges in it, Mirage - Misc.
Mirage - Miscellaneous
Let’s visit the link and see what they have for us.
Looking at it plainly, we can see it’s just a website. Let’s look at the page source.
A small part of the page source
While casually reading the page source, I saw the word ROBOTS hidden in the website, so I thought of checking whether it has a robots.txt file, and it does.
robots.txt
So, there are a few directories listed in it. I saved those all in a separate text file.
saved text file from robots.txt
I had a feeling that most of them would be 404s and rabbit holes, so I fired up Burp Suite to use Intruder and brute-force those directories.
The captured request which is sent to Intruder
adding the payload position in Intruder
The saved directories are used as payloads to brute-force
Intruder’s result
As we can see, only certain directories gave 200 status codes. Let’s look at them one by one.
At first, we are gonna see /flag.txt.
flag.txt
So there are certain characters given as the flag. Let’s use CyberChef to find what it is.
cyberchef result
Of course it is a rabbit hole to troll us 😐. Well, it’s not going to be that easy. Let’s look at the second one /flag1.txt.
flag1.txt
So, they have given some gibberish. If you read the hint, “Rot Rot Everwhere but not a single Rot to see”, we know that we should use a Caesar cipher. I use cryptii.com, but you can use any website you prefer.
Caesar cipher result
Another rabbit hole 😑. Let’s see the next one /wordlists.txt.
wordlists.txt
They have given a wordlist saying this will help us later. So, I saved it in a separate file. Now to the last one /ok.txt.
ok.txt
Another hint. In this one they have given a directory which is encrypted using a Caesar cipher (/uncclzrny.wct). Let’s use cryptii again.
decoding using cryptii
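The same decoding can be done offline. This added example (not part of the original write-up) tries every Caesar shift on the path from ok.txt and keeps only results that end in a plausible file extension; the extension list and function names are assumptions made for the example.

```python
import string

# Extensions a hidden web path is likely to end with (assumed list for this example).
KNOWN_EXTENSIONS = (".txt", ".jpg", ".png", ".zip", ".html", ".php")


def rotate(text: str, shift: int) -> str:
    """Shift ASCII letters by `shift` places; '/', '.', digits stay untouched."""
    out = []
    for ch in text:
        if ch in string.ascii_lowercase:
            out.append(chr((ord(ch) - ord("a") + shift) % 26 + ord("a")))
        elif ch in string.ascii_uppercase:
            out.append(chr((ord(ch) - ord("A") + shift) % 26 + ord("A")))
        else:
            out.append(ch)
    return "".join(out)


def candidate_paths(ciphertext: str) -> list[tuple[int, str]]:
    """Try all 25 non-trivial shifts; keep decodings ending in a known extension."""
    hits = []
    for shift in range(1, 26):
        plain = rotate(ciphertext, shift)
        if plain.lower().endswith(KNOWN_EXTENSIONS):
            hits.append((shift, plain))
    return hits


if __name__ == "__main__":
    # Ciphertext path taken from ok.txt in the write-up.
    for shift, path in candidate_paths("/uncclzrny.wct"):
        print(f"shift {shift:2d}: {path}")
```

Filtering on the extension avoids reading through all 25 candidates by eye, since the dot and slash are not shifted and only one rotation produces a real file type.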
We have found the plaintext which is happymeal.jpg. Let’s see what is in it.
happymeal.jpg
If you visit the link https://mirage.ctf.intigriti.io/happymeal.jpg this image is shown. Let’s visit /HelpMeOut.txt.
HelpMeOut.txt
Finally 😀. They have given a link to download the flag.zip file. Let’s download and extract it.
flag.zip
The zip file is password protected. We need to use the wordlist wordlists.txt to find the password. We are gonna use john to crack the zip file. First, let’s use zip2john to make a file that john can work with, then crack it using wordlists.txt.
cracked password using john
So we have found the password, which is Soeasypeasy214. Now use the password to open flag.txt and BOOM! We got the flag.
flag.txt 😄
So this is how I solved the Mirage challenge. Hope you guys like this blog. Make sure to show your support by applauding and sharing the blog with your fellow hackers and tech geeks. See you in another blog, until then PEACE OUT ✌️