
░█▀█░▀█▀░█▀▄░█▄█░█▀█░█▀▀░█░█░░░░█▀▄░█▀▀
░█▀█░░█░░█▀▄░█░█░█▀█░█░░░█▀▄░░░░█░█░█▀▀
░▀░▀░▀▀▀░▀░▀░▀░▀░▀░▀░▀▀▀░▀░▀░▀░░▀▀░░▀▀▀




Insomni Hack 2015(Lost In Memories) writeup


From the category Hacking


Begin


In the pcap included in this challenge we see ICMP packets that are sent to 10.13.37.161. Only some packets receive a reply. An important fact is that the TTL changes, and depending on the TTL a reply is sent or not. It seems that a certain pattern of TTLs needs to be sent to retrieve the flag. The following code was used to brute force the reply:


Code


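#!/bin/bash
# TTLs already known to get a reply, replayed in order before each guess.
# 73 is ASCII 'I'.
counter="73"
BREAKER=0
TIMEOUT=50   # fping per-probe timeout in milliseconds

while [ $BREAKER -eq 0 ] ; do
  echo $counter
  for i in $(seq 63 125)
  do
    # Replay the known TTL sequence
    for j in $counter
    do
      fping -H $j -t $TIMEOUT -c 1 10.13.37.161 > /dev/null
    done
    echo $i
    # Try the next candidate TTL; exit status 0 means a reply came back
    fping -H $i -t $TIMEOUT -c 1 10.13.37.161 > /dev/null
    if [ $? -eq 0 ]
    then
      # Remember the TTL that was answered so the next round extends the sequence
      counter="$counter $i"
      break
    fi

    # No candidate in the range was answered: stop the outer loop
    if [ $i -eq 125 ]
    then
      BREAKER=1
    fi
  done
done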




The TTLs of the packets that received a reply map to ASCII characters, which finally translate to INS{ttl_leak_is_trendy_this_year}
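The decoding step described above, as an added example that is not the author's code: a stdlib-only Python parser that pairs ICMP echo requests to 10.13.37.161 with their echo replies in a classic pcap and turns the TTLs of the answered requests into characters. The sample capture, the client address 10.13.37.2 and all function names are constructed for illustration.

```python
import struct

TARGET = "10.13.37.161"  # challenge host named in the writeup

def replied_ttls(pcap, target=TARGET):
    """TTLs of ICMP echo requests to `target` that got an echo reply, in capture order."""
    end = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(struct.unpack_from("<I", pcap, 0)[0])
    if end is None or struct.unpack_from(end + "I", pcap, 20)[0] != 1:
        raise ValueError("expected a classic pcap file with Ethernet link type")
    requests, answered, off = {}, set(), 24
    while off + 16 <= len(pcap):
        caplen = struct.unpack_from(end + "I", pcap, off + 8)[0]
        frame = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        # Skip truncated frames and anything that is not IPv4 carrying ICMP.
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 1:
            continue
        icmp = frame[14 + (frame[14] & 0x0F) * 4:]
        if len(icmp) < 8:
            continue
        src = ".".join(map(str, frame[26:30]))
        dst = ".".join(map(str, frame[30:34]))
        key = icmp[4:8]  # identifier + sequence number tie a reply to its request
        if icmp[0] == 8 and dst == target:
            requests[key] = frame[22]  # IPv4 TTL byte of the request
        elif icmp[0] == 0 and src == target:
            answered.add(key)
    return [ttl for key, ttl in requests.items() if key in answered]

def decode(ttls):
    return "".join(chr(t) for t in ttls)

def _frame(src, dst, ttl, icmp_type, seq):
    # Constructed Ethernet/IPv4/ICMP frame; checksums are left at zero (not verified above).
    ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, ttl, 1, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return b"\x00" * 12 + b"\x08\x00" + ip + struct.pack(">BBHHH", icmp_type, 0, 0, 1, seq)

def sample_pcap():
    """Constructed capture: requests with TTL 73, 78, 83 are answered; 64 and 100 are not."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    probes = [(64, False), (73, True), (100, False), (78, True), (83, True)]
    for seq, (ttl, ok) in enumerate(probes):
        frames = [_frame("10.13.37.2", TARGET, ttl, 8, seq)]  # client address is made up
        if ok:
            frames.append(_frame(TARGET, "10.13.37.2", 64, 0, seq))
        for f in frames:
            out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out
```

On the constructed capture, `decode(replied_ttls(sample_pcap()))` returns `INS`; the parser assumes each request carries a distinct identifier/sequence pair.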


Insomni Hack 2015(Lost In Memories) writeup created on 23 March 2014

