Level 4 – oneweb

I wouldn't be lying if I said that oneweb was the easiest level of the Web challenges from the RootedCON’2010 CTF.

Here’s what it looks like: a single text (in Spanish) with instructions to follow:

Ok, we are at 1st., the next file you must read is:

0fdd8fd4233f8a226ff5a4fe87eee080.html

Into that file you will find more instructions.

Looking at the source code, we see nothing hidden:

oneweb source

If you try:

http://ctf.rs-labs.com:84/oneweb_e04932f0613ba8c4ecadb225d929fd13/0fdd8fd4233f8a226ff5a4fe87eee080.html

You get:

"Muy bien, vamos por el 2, el siguiente fichero es: 415b4dd20fbf84f57ecd9067d46cfd25.html"
"Great, we are at 2nd., the next file is: 415b4dd20fbf84f57ecd9067d46cfd25.html"

It seems that we must follow every link until the end. You can follow the links by hand… I prefer to write a script that fetches each HTML file, extracts the next filename and repeats until no more links are found.

The script:

#!/bin/bash
#
# Follow the chain of "next file" links until a page without one is found.
#
BASE="http://ctf.rs-labs.com:84/oneweb_e04932f0613ba8c4ecadb225d929fd13"
NEXT="0fdd8fd4233f8a226ff5a4fe87eee080.html"
echo "First url: ${NEXT}"
while true
do
  # fetch the current page quietly to stdout
  CONTENTS=$(wget -O - -q "${BASE}/${NEXT}" 2>/dev/null)
  # extract the next filename (32 hex chars + .html); the .css link does not match
  CHECK=$(echo "${CONTENTS}" | grep -Eo '[a-f0-9]{32}\.html' | head -n 1)
  if [ -z "${CHECK}" ]
  then
    echo "Last:"
    echo "${CONTENTS}"
    exit 0
  else
    NEXT="${CHECK}"
    echo "Next: ${CHECK}"
  fi
done

And the output:

First url: 0fdd8fd4233f8a226ff5a4fe87eee080.html
Next: 415b4dd20fbf84f57ecd9067d46cfd25.html
Next: d448825f04b96dad95edbf15c0fcf8ae.html
Next: dc001aeff6413933fa39ce2274c4e7f1.html
Next: 501f146633dcc1456dc3127331f5e6fb.html
Next: 2f2b0c17e401289d0fef026fdde5fc03.html
Next: 00ddaa7fc6d7bfd3718d614d747c89b4.html
Next: 9214e39e4b87c7b50c649a73db125ec7.html
Next: d9c2c61caa499059d735498b37dbe83b.html
Next: 232053098c1431e26593680a2afd8d75.html
Next: a0e80364f43ea5fc39da8c2bc412ad5d.html
Next: 3cc1cc688be45633296e86d83213156f.html
Next: fc61f8d461e206a00a1561f31722bb66.html
Next: 7794897f6758b55065fc461c24bf353a.html
Next: 7551428ca5937bef86b8db6b7127e171.html
Next: 4c3330e015ca3ce6455f7d44c1c80c12.html
Next: 2ca8369f973d1e72b9c57cc5623a3678.html
Next: 89bb2e2aab31174357e487ddc573ddb9.html
Next: d4e0a86720195009446f31402de8cd5c.html
Next: fae52e4132df827207762c6f04c282c6.html
Next: 35edcf94bc2ab714dd8ce1b66d2952d3.html
Next: d2769ef9b862c602f3bb9460ada66952.html
Next: de9e7fd776ba6b5b3d6851e78d652437.html
Next: d724faa71dd042c981a2d15571630f62.html
Next: f3de0243b143097aa3ff0a0c735b1469.html
Next: 19ad68f84b72d5a2e67283dac975ea25.html
Next: ce9e4e6a4ce5d6705dfa1b8c21fd5a21.html
Next: c7eec9955b27e800de4a5822770548ed.html
Next: 9400b0d448347578dab40fa59a4a7a1e.html
Next: 1587ee188b9dc8697840fff9fa260bf6.html
Next: 2f63fb0df8265c7966deec32c5dc247e.html
Next: 6d20378ccce8a9e528792b33892eab2f.html
Next: d2cf450291cfa139451d043c102a73a7.html
Next: fb7ee9a599af8875867bd81810dcb41b.html
Next: af37680a5ece9979e39ad5f39254c697.html
Next: f5da8533a8dd04d31f593c55947fa1ee.html
Next: 9b554231bf3cb3adb09cc1dcd2f0d376.html
Next: 7751dd6b0f99849939560ca2ff20526d.html
Next: 73a7a9cce64b678044bbc9a133d41fe2.html
Next: 50bebeebd042dfc67eb49d8dc95c3996.html
Next: 4c1b7a54cebd01a48fc99865de26cfc6.html
Next: 3f8bf2c9277b102f76263f384443f54b.html
Next: 030b3bf200d391c437f13f3c451c77a2.html
Next: 522fa55a41bcac0099d78916f591510e.html
Next: 0953a0796e7c827d6f2e84b954ac4c3f.html
Next: 890f5797d65dd9105407c4c1dc6dded8.html
Next: 726cdd3b82d26a6089ddae5eeeed3501.html
Next: 75f325c6e4dcc4b33538bb18437d3e1f.html
Next: fd49af59af9703cdd457a6c9d88f8d62.html
Next: 5dadc13abc1c85d72f60759b61be4297.html
Next: c15f2393a82312cbb21d7d05fb7ad257.html
Next: 6b50e7a718338ae04e10ccfd95b07b4d.html
Next: 562e424be1b713f20fd6ffa6598f14fc.html
Next: e9f04f5d2673ef1f87f59322f43e427f.html
Next: bdf0ed354515e8b2c72071c063d9446d.html
Next: 6881935d5d9c11bcb514e41002a514e2.html
Next: 7328195a2d9dd92875082a580729fd1f.html
Next: 47191782c531098abf02f97b72b3f613.html
Next: b0f2e793e0ed2cbbf5bcc466391e619c.html
Next: 2d710f59ea85b5d18c7e2ec0e444e399.html
Next: 12baad93cb3e57f2d6f2ea1c64ee99bc.html
Next: 3e9b606dda4faa219789d44a9c908f92.html
Next: e0b7dc996df61bc55003578694ebc950.html
Next: b1a29326f8f68092bb1719a1a7e30529.html
Next: 7e146bb4eacc0e5bc00ed12c72d2347f.html
Next: 57735cfcc90c45de99bcd4eca8e0e4b0.html
Next: febafbe8c96fd2b4ef638fe803d12ceb.html
Next: 54fba2f5369af76244a26432b45ca325.html
Next: a9c799b046fa16f8410c2a6c6d9af0a4.html
Next: 28252f21c6eaecb4987f2e49b36a4cea.html
Next: 9ac6086403b2275740b3c93b7414ecf8.html
Next: 5335839d19211831fcc653359a99cc5f.html
Next: 5228b62f5500cd0c2a17ea9486051c08.html
Next: f720093002104882476fe68f5c897688.html
Next: 96b6240464c2bf8d53b387586d56f2c6.html
Next: c58b118f54d444506867581d9d22abaa.html
Next: 6559c3c82a832e2353842e31d045f88a.html
Next: 37b2b61a9de6fb64814d9e12932770e8.html
Next: e5dac13eb5c6dee4deab7ee99ef04834.html
Next: 871fa2d93d6bbb96986e0e52d161ff94.html
Next: 0c387188ecb809a90aff03e6067c4365.html
Next: f6f1200347acdb691d261900df70a714.html
Next: cc87e6a253893acd4bfc18433e36910b.html
Next: fc264927010864424ba0e8195568144a.html
Next: 3a083491e98569c036734ffff5455be9.html
Next: 936e041ea44a77e5e6dcd802331ca692.html
Next: bf6e8eb5f1db7ec713a7b884d83ae913.html
Next: a3e05edfd6a0eb90edd7011a72781980.html
Next: 04abfbad9c6aa336f0b93c87af034bed.html
Next: 06a154f17c3ed159a402da0fb3b7d8b8.html
Next: 65da56f7e5770ae324e3433e072c4831.html
Next: 0ba2175ff1d405ae967014fa679e763b.html
Next: 91935028895fafbfdbf1aba123392948.html
Next: 6fbc32443edb504cbf8bd2f1cdb173b5.html
Next: 82cf07005754561ca2276952895eba30.html
Next: 3adfd7aadfc74c6b8104de3069685669.html
Next: 15cc3bb0f7dc522febff12fd73410dd4.html
Next: d8ddd5a21e6fc91eea651b52d459518a.html
Next: 8b569a6f9521457c700ad540f70c1521.html
Last:
<html><head><link rel="stylesheet" type="text/css" href="http://www.rs-labs.com/rooted2010-ctf/green-hax0r-challenge.css" /></head>
Muy bien, vamos por el 100!!
Lo conseguiste, el password es: t00_t1r3d_f0r_th1S_0N3
</html>

One hundred html files!

The Flag captured: t00_t1r3d_f0r_th1S_0N3

Did you get it by hand?
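As an added example (not part of the original writeup), the same chain-following logic in Python, run against a constructed in-memory stand-in for the challenge server instead of the real host. It goes a bit further than the shell script: it only accepts 32-hex-character filenames, stops on a cycle or after a maximum number of hops, and pulls the password out of the final page. The page bodies and the cycle site are constructed test data.

```python
import re

# The challenge filenames are 32 hex characters + .html; anything else (e.g. the .css link) is ignored.
NEXT_RE = re.compile(r'\b([0-9a-f]{32})\.html\b')
# The final page announces the password as "el password es: <value>".
PASS_RE = re.compile(r'password es:\s*(\S+)')

# Constructed stand-in for the challenge server (filename -> page body); shortened to three hops.
FAKE_SITE = {
    "0fdd8fd4233f8a226ff5a4fe87eee080.html":
        "Muy bien, vamos por el 2, el siguiente fichero es: 415b4dd20fbf84f57ecd9067d46cfd25.html",
    "415b4dd20fbf84f57ecd9067d46cfd25.html":
        "Muy bien, vamos por el 3, el siguiente fichero es: d448825f04b96dad95edbf15c0fcf8ae.html",
    "d448825f04b96dad95edbf15c0fcf8ae.html":
        '<html><head><link rel="stylesheet" type="text/css" href="green-hax0r-challenge.css" /></head>\n'
        "Muy bien, vamos por el 100!!\nLo conseguiste, el password es: t00_t1r3d_f0r_th1S_0N3\n</html>",
}

# Constructed site whose two pages point at each other, to exercise the cycle guard.
LOOP_SITE = {
    "a" * 32 + ".html": "siguiente: " + "b" * 32 + ".html",
    "b" * 32 + ".html": "siguiente: " + "a" * 32 + ".html",
}


def fetch_local(site):
    """Return a fetch(filename) -> body function backed by a dict (stand-in for wget)."""
    return lambda name: site.get(name, "")


def follow_chain(fetch, start, max_hops=200):
    """Follow 'next file' links from start. Returns (visited, final_body, status) where
    status is 'end' (page without link), 'loop' (filename seen before) or 'max_hops'."""
    visited = []
    current = start
    while current not in visited and len(visited) < max_hops:
        visited.append(current)
        body = fetch(current)
        match = NEXT_RE.search(body)
        if not match:
            return visited, body, "end"
        current = match.group(1) + ".html"
    return visited, "", "loop" if current in visited else "max_hops"


def extract_password(body):
    """Return the password announced in the final page, or None if absent."""
    match = PASS_RE.search(body)
    return match.group(1) if match else None


if __name__ == "__main__":
    visited, body, status = follow_chain(fetch_local(FAKE_SITE), "0fdd8fd4233f8a226ff5a4fe87eee080.html")
    print(status, len(visited), "pages, password:", extract_password(body))
```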
