░█▀█░▀█▀░█▀▄░█▄█░█▀█░█▀▀░█░█░░░░█▀▄░█▀▀
░█▀█░░█░░█▀▄░█░█░█▀█░█░░░█▀▄░░░░█░█░█▀▀
░▀░▀░▀▀▀░▀░▀░▀░▀░▀░▀░▀▀▀░▀░▀░▀░░▀▀░░▀▀▀
From the category Hacking
In the pcap included with this challenge, we see ICMP packets that are sent to 10.13.37.161. Only some of the packets receive a reply. The important observation is that the TTL changes, and whether a reply is sent depends on the TTL. It seems that a certain pattern of TTLs needs to be sent to retrieve the flag. The following code was used to brute-force the replies:
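```bash
#!/bin/bash
# TTLs already known to be answered, space-separated (73 = 'I')
counter="73"
BREAKER=0
TIMEOUT=50   # fping timeout in milliseconds

while [ $BREAKER -eq 0 ]; do
    echo "$counter"
    for i in $(seq 63 125); do
        # Replay the known TTL sequence first
        for j in $counter; do
            fping -H "$j" 10.13.37.161 -t $TIMEOUT -c 1 > /dev/null
        done
        # Then probe the next candidate TTL
        echo "$i"
        if fping -H "$i" 10.13.37.161 -t $TIMEOUT -c 1 > /dev/null; then
            # Reply received: the candidate is the next value in the sequence
            counter="$counter $i"
            break
        fi
        if [ "$i" -eq 125 ]; then
            BREAKER=1   # no candidate in 63..125 was answered: stop
        fi
    done
done
```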
The TTLs of the packets that received a reply yield a sequence of ASCII character codes, which can finally be translated to INS{ttl_leak_is_trendy_this_year}
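The decoding step described above, as an added example that is not part of the original write-up: it pairs ICMP echo requests with their replies by identifier and sequence number and converts the TTLs of the answered requests to ASCII. The packets are constructed sample data (raw IPv4 bytes without a link-layer header), and the client address, ICMP identifier and all function names are assumptions.

```python
import struct

TARGET = bytes([10, 13, 37, 161])   # address from the write-up
CLIENT = bytes([10, 13, 37, 1])     # constructed client address (assumption)

def build(ttl, src, dst, icmp_type, ident, seq):
    """Build a minimal IPv4 + ICMP echo packet (constructed sample; checksums zeroed)."""
    icmp = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, ttl, 1, 0, src, dst)
    return ip + icmp

def parse(pkt):
    """Return (src, dst, ttl, icmp_type, ident, seq), or None if not an IPv4 ICMP packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 1:
        return None
    ihl = (pkt[0] & 0x0F) * 4           # IP header length in bytes
    if ihl < 20 or len(pkt) < ihl + 8:
        return None
    icmp_type, _code, _csum, ident, seq = struct.unpack("!BBHHH", pkt[ihl:ihl + 8])
    return pkt[12:16], pkt[16:20], pkt[8], icmp_type, ident, seq

def answered_ttls(packets, target):
    """TTLs of echo requests to `target` that got an echo reply, in request order."""
    requests, answered = {}, set()      # dict keeps insertion (request) order
    for pkt in packets:
        fields = parse(pkt)
        if fields is None:
            continue
        src, dst, ttl, icmp_type, ident, seq = fields
        if icmp_type == 8 and dst == target:          # echo request
            requests.setdefault((ident, seq), ttl)
        elif icmp_type == 0 and src == target and (ident, seq) in requests:
            answered.add((ident, seq))                # matching echo reply
    return [ttl for key, ttl in requests.items() if key in answered]

def decode(ttls):
    """Map each TTL to its ASCII character; non-printable values become '?'."""
    return "".join(chr(t) if 32 <= t < 127 else "?" for t in ttls)

def sample_capture():
    """Constructed capture: (ttl, answered) probes; each reply follows its request."""
    probes = [(70, False), (73, True), (65, False), (78, True), (83, True), (123, True)]
    packets = []
    for seq, (ttl, ok) in enumerate(probes):
        packets.append(build(ttl, CLIENT, TARGET, 8, 0x1337, seq))
        if ok:
            packets.append(build(64, TARGET, CLIENT, 0, 0x1337, seq))
    return packets
```

Calling `decode(answered_ttls(sample_capture(), TARGET))` on the constructed capture returns the flag prefix `INS{`; unanswered requests are ignored.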