Hack the Game of Thrones CTF (CTF Challenge part 1)

Hello friends! Today we are going to take another CTF challenge known as C0m80. The credit for making this VM goes to “OscarAkaElvis”, and it is another capture-the-flag challenge in which our goal is to get all the flags to complete the challenge. You can download this VM here.
Let’s Breach!!!
Let us start by finding the IP of the VM (here, I have it at 192.168.1.133, but you will have to find your own).
netdiscover



Use nmap for port enumeration
nmap -p- -sV 192.168.1.133 

   

We find that port 80 is running HTTP, so we open the IP in our browser.


We take a look at the source code and find the flag syntax.



Use dirb to enumerate the directories.




We find the robots.txt file; we open it and find a few directories.



We open the directory /secret-island/ using user-agent Three-eyed-raven
 


We open it and find a link to a map.



When we open the map we find the location of all the flags.

We open the directory called /direct-access-to-kings-landing/ using user-agent Three-eyed-raven.


We open the directory, take a look at the source code, and find what looks like a port for port knocking, along with the user name oberynmartell.





We then find /h/i/d/d/e/n/ directory using dirb and we open it.


We take a look at the source code and find password for oberynmartell.



We connect over FTP and log in with the username and password we previously found. We get the first flag as soon as we log in.



We find two files and download them through FTP; one of them tells us the type of hash it uses.
We save the hash in a file.
 



Now we use John the Ripper to crack the hash and find the password to be stark.
john --format=dynamic_2008 hash.txt




Now we use mcrypt to decrypt the encrypted file we found on the FTP server.
mcrypt -d the_wall.txt.nc






We now add the domain winterfell.7kingdoms.ctf to /etc/hosts and open the link found in the file.


We log in using the username and password, and find a page with two images.




We take a look at the source code, and we find the second flag.


Along with the second flag we also find a hint that it contains something, so we download the file and use strings to take a look inside the file and find a domain name.
strings stark_shield.jpg


It hints that the TXT record will contain something useful, so we use nslookup to check the TXT records. We had to make some changes to the domain name to make it valid, and we find our 3rd flag.
nslookup -q=txt Timef0rconqu3rs.7Kingdoms.ctf 192.168.1.133


Now we add the new domain name to /etc/hosts and open the link found in TXT record above.



 
