Web IV (200pts) write-up
CTF: CIBERSEG 2017
Visit retos.ciberseg.uah.es:6379 and get the key.
Hint :) Running Nmap against port 6379 is allowed.
# (1) FOOTPRINTING AND RECONNAISSANCE
This challenge allows running nmap against the target (port 6379 only):
We use the '-sV' option to identify the service running on port 6379 and '-O' to identify the OS:
The service running on port 6379 is a database, identified as 'Redis key-value store':
Now we check whether we can connect to the database's CLI and send commands (e.g. 'DBSIZE'):
# (2) DUMPING THE KEYS
The database stores pairs of keys/values. Using the following command we can dump all the keys and store them in a plaintext file 'keys.txt' (there are 1104 keys):
In order to get the values of the keys, we must use the following command:
We can use our file 'keys.txt' to build a list of 'GET' commands for all the keys. First, we delete the lines starting with '$' (these are the protocol's bulk-string length prefixes, not keys):
Then, we prepend 'GET' to each line:
We connect to the server again using 'telnet' and dump the contents of 'comandos.txt' to the CLI. We get the values of the keys and store them in the 'values.txt' file.
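The text processing above works because the server's replies use the Redis serialization protocol (RESP), where every key or value is preceded by a `$<length>` line. As an added example (not part of the original write-up), the parser below reads such a reply by its length prefixes and compares the result with the drop-the-`$`-lines approach; the sample reply bytes and the function names are constructed for illustration.

```python
# Added example: minimal RESP2 reply parser (not from the original write-up).
def parse_resp(buf: bytes, pos: int = 0):
    """Parse one RESP2 value starting at pos; return (value, next_pos)."""
    end = buf.index(b"\r\n", pos)
    kind, head = buf[pos:pos + 1], buf[pos + 1:end]
    pos = end + 2
    if kind == b"+":                      # simple string, e.g. +OK
        return head.decode(), pos
    if kind == b"-":                      # error, e.g. -NOAUTH Authentication required.
        raise RuntimeError(head.decode())
    if kind == b":":                      # integer, e.g. the DBSIZE reply
        return int(head), pos
    if kind == b"$":                      # bulk string: $<len>\r\n<bytes>\r\n
        n = int(head)
        if n == -1:                       # nil, e.g. GET on a missing key
            return None, pos
        data = buf[pos:pos + n]
        if len(data) != n or buf[pos + n:pos + n + 2] != b"\r\n":
            raise ValueError("truncated bulk string")
        return data, pos + n + 2
    if kind == b"*":                      # array: *<count>\r\n followed by <count> values
        items = []
        for _ in range(int(head)):
            item, pos = parse_resp(buf, pos)
            items.append(item)
        return items, pos
    raise ValueError(f"unknown RESP type byte {kind!r}")


def line_filter(buf: bytes):
    """Text approach from the write-up: drop every line that starts with '$'."""
    return [l for l in buf.split(b"\r\n") if l and not l.startswith(b"$")]


# Constructed KEYS reply (not captured from the challenge server): three keys,
# one beginning with '$' and one containing an embedded CRLF.
SAMPLE_REPLY = (b"*3\r\n"
                b"$4\r\nuser\r\n"
                b"$5\r\n$cost\r\n"
                b"$4\r\na\r\nb\r\n")

if __name__ == "__main__":
    keys, _ = parse_resp(SAMPLE_REPLY)
    print("length-aware:", keys)
    print("line filter: ", line_filter(SAMPLE_REPLY))
```

On the constructed reply the line filter keeps the `*3` array header, loses the key that begins with `$`, and splits the key containing a line break in two, while the length-aware parser returns all three keys intact.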
Now we look for the flag:
The flag is: