CSAW Quals 2017 : Best Router Write up

Solved by sh!v

The challenge had a tar file of 430 MB and when extracted it gave a whopping 16 GB best_router.img  file. As it was a disk image file I loaded that into the Autopsy tool in Windows. It showed four volumes of the disk image out of which two were unallocated. Of the other two volumes, one was a Windows 95 partition and the other was a Linux partition. I started searching in the Linux partition. The challenge had a link, which lead to a simple login page.

http://forensics.chal.csaw.io:3287

Usually such simple files which are hosted is usually kept in /var/www in the Linux partition. So I continued my search in /var/www of the given Linux partition. There  I found flag.txt, login.plusername.txt and password.txt. The flag.txt was empty. But the code in the login.pl shows that if username and password is entered correctly the flag is being retrieved. The other two files gave the username and password.

bestrouter.png

Username : admin

Password : iforgotaboutthemathtest

On submitting the above username and password in the site described above, it prints out the flag.

Flag : flag{but_I_f0rgot_my_my_math_test_and_pants}

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s

Blog at WordPress.com.

Up ↑

%d bloggers like this: