sameer fakhoury
  • Home
  • CTF Writeups
  • Course Summaries
  • Cyber Reports
  • Articles
  • Event Notes
  • About Me
repo

repo

  • In the realm of SSL certificates, the potential for attackers to gather substantial information through passive means is significant. This includes uncovering subdomains, mapping networks, checking assets and services. Your assignment involves retrieving the postal code and serial number linked to certification ID 7969287 and specified flag values.
  • flag format: BAU{postalCode_serialNumber_flag1_flag2}
  • Note: in order to retrieve the postal code and serial number linked to certification ID 7969287 you need to find the correct website
  • download the following text file: repo.txt
  1. when we download the repo.txt and open it I found a suspicious texts patterns
      2. image
    1. {LOL_YOU_THOUGHT_YOU_FOUND_ME}
  2. as the question name suggests repo related to repository this is the folder name in GitHub so I’ll search for the founded text {LOL_YOU_THOUGHT_YOU_FOUND_ME} as a repository in GitHub
    3. image
  3. Let’s download the repository and check it’s contents → git clone https://github.com/sameerfakhoury/-LOL_YOU_THOUGHT_YOU_FOUND_ME-.git
  4. let’s discover this repository
      5. image
    1. as we see there are many flags.txt
  5. let’s use grep command to check flag keyword → grep -i -r "flag" .
      6. image
    1. as we see almost all of them have flag keyword
  6. make opposite of step5 and check non flag → grep -i -r -v "flag" .
      7. image
    1. we have flag1 value Delaware
  7. going to the other folder called others we have tow files
    8. image
  8. check the http.txt file
      9. image
    1. we have many lines of random text
  9. let’s search for http of certificate keyword as the question want things related to SSL certificate also checking the note in the question → Note: in order to retrieve the postal code and serial number linked to certification ID 7969287 you need to find the correct website
      10. image
    1. we got a website link related to SSL certifications → https:crt.sh
  10. open the following website https:crt.sh and check the postalCode and serialNumber values for the ID 7969287
      11. image
    1. postalCode and serialNumber values are → 10043_2154254
  11. going back to the GitHub repository let’s check the history section
    12. image
  12. check each change commits one by one
    13. image
  13. in the second one
      14. image
    1. we got flag2 value olbgt
  14. BAU{10043_2154254_Delaware_olbgt}

©sameer fakhoury

GitHubLinkedIn