Impossible Pen Test

Table of Contents

Not quite sure what does the title mean.

theinternet.ctf.umbccd.io

Problems

Part 1

Can you help us find the password of an affiliate's CEO somewhere
on the internet and use it to log in to the corporate site?

Part 2

Can you help us find a disgruntled former employee somewhere
on the internet (their URL will be the flag)?

Part 3

Can you help us find the mother of the help desk employee's name with their maiden name somewhere
on the internet (the mother's URL will be the flag)?

Part 4

Can you help us find the syncedin page of the linux admin somewhere
on the internet (their URL will be the flag)?

Part 5

Can you help us find the CTO's password somewhere
on the internet and use it to log in to the corporate site?

Solution

1&5

Find the data breach charriottinternational and skayou, then login using their email.

2&3&4

Wrote a script to find unusual urls.

Script

import requests
from bs4 import BeautifulSoup

queried = {}


def is_in_dict(target: dict, key: str) -> bool:
    try:
        target[key]
        return True
    except KeyError:
        pass
    return False


def sync_in_url(person_name: str) -> str:
    return "https://theinternet.ctf.umbccd.io/SyncedIn/DogeCTF%7B" + person_name + "%7D.html"


def face_space_url(person_name: str) -> str:
    return "https://theinternet.ctf.umbccd.io/FaceSpace/DogeCTF%7B" + person_name + "%7D.html"


def query(person_name: str):
    if is_in_dict(queried, person_name):
        return
    queried[person_name] = "1"
    r = requests.get(sync_in_url(person_name))
    if r.text.startswith("[Errno 2]"):
        print("No " + sync_in_url(person_name))
        return
    r = requests.get(face_space_url(person_name))
    if r.text.startswith("[Errno 2]"):
        print("No " + face_space_url(person_name))
        return
    soup = BeautifulSoup(r.text, "html.parser")
    result = soup.select("body > div:nth-child(2) > p")[0].text
    relations = result.split("\n")
    relation_length = len(relations) - 1
    for i in range(0, relation_length):
        if relations[i] == 'No relationship information':
            continue
        line = relations[i].split(' ')
        line_length = len(line)
        if line_length < 3:
            continue
        name = line[line_length - 2] + line[line_length - 1]
        print(name)
        query(name)


print("Input name to query.")
name_to_query = input()
name_to_query = name_to_query.replace(" ", "")
query(name_to_query)

Output

➜  ~ python3 ./test.py | grep No
GreysonHahn
No https://theinternet.ctf.umbccd.io/FaceSpace/DogeCTF%7BZacharyOrndorff%7D.html
No https://theinternet.ctf.umbccd.io/FaceSpace/DogeCTF%7BRudyGrizwald%7D.html # this
No https://theinternet.ctf.umbccd.io/FaceSpace/DogeCTF%7BZackOrndorff%7D.html
No https://theinternet.ctf.umbccd.io/FaceSpace/DogeCTF%7BAlexusCunningham%7D.html # this
No https://theinternet.ctf.umbccd.io/FaceSpace/DogeCTF%7BGuillermoMcCoy%7D.html # and this

Note: at the time I wrote the script, all outputs are of FaceSpace.

Nemo Xiong avatar
Nemo Xiong
ex-Cybersecurity Executor, now a student in Unimelb
comments powered by Disqus