Infosec CTF
Level 15 : infosec_flagis_whatsorceryisthis
Open the file.
By opening it we learn that it is an SQL dump .
Lets search the word flag (we are looking for a flag , remember ?)
There is a table named flag !INTERESTING!
Lets analyze what information contains ...
There is an admins' account with an encrypted password. I tried to decrypt it but with no luck
(it is a hash from wordpress by the way ...).
If you scroll down ,there is a table named "friends". A strange name appears there :
\\u0069\\u006e\\u0066\\u006f\\u0073\\u0065\\u0063\\u005f\\u0066\\u006c\\u0061\\u0067\\u0069\\u0073\\u005f\\u0077\\u0068\\u0061\\u0074\\u0073\\u006f\\u0072\\u0063\\u0065\\u0072\\u0079\\u0069\\u0073\\u0074\\u0068\\u0069\\u0073
Really suspicious I can say . Lets try to decrypt it . Seems to be a unicode encryption but with an extra "/" . We do not have something to lose :)
Erase the extra "/" and the flag is yours ;)
Δεν υπάρχουν σχόλια:
Δημοσίευση σχολίου