Simulated shell environment lets you pretend to be Hugh Jackman in Swordfish.

Challenge Description

Points

50

Description

interview.polictf.it:80

Solution

This one was pretty funny and we were the first team to solve it :D (yay 8 breakthrough points!). Let’s connect to the service to check it out.

$ nc interview.polictf.it 80

<... massive ascii art snip ...>

[email protected]:~$ help
 A very hard interview: Codename Blow...Fish
Maybe you can help me with something...
DOD d-base, 128 bit encryption....What do you think?
Maybe slide in a Trojan horse hiding a worm...
I have been told that best "crackers" in the world can do it 60 minutes, unfortunately i need someone who can do it in 60 seconds... naturally with the right incentives ;)
If you know what I mean, tell me how a real cracker accesses to a remote super protected server...

Possible commands:
      hacker: Write code as a real hacker
        help: Give informations about the program
        hint: Gives a little hint
        exit: Loser...bye Bye
         ssh: A tiny ssh command
        date: A very useful and innovative feature

[email protected]:~$ hint
 usage:  ssh [email protected]
    username: THE username
    address: a not so easily reachable IP address
Very simple...isn't it?
[email protected]:~$ date
Sun Jul 12 14:25:15 CEST 2015
 [email protected]:~$ exit
 Loser...bye Bye

After a huge ASCII art display, we are dropped into a shell. Nothing normal (ls, cat, id, etc) is available however we can use the command ‘help’ to list what we can do. Here’s a summary of the commands:

  • hacker - basically a version of HackerTyper on the terminal except it’s going by itself
  • help - this help
  • hint - tells you to use ssh, presumably to get the flag
  • exit - exits the shell, and insults you in the process
  • ssh - what we are supposed to use to get the flag
  • date - prints the ‘current’ date (not really)

Now our first lead is the ‘briefing’ at the start of the help: “DOD d-base, 128 bit encryption…. I have been told that best “crackers” in the world can do it 60 minutes, unfortunately i need someone who can do it in 60 seconds… e right incentives”. What does this sound like? The movie Swordfish, of course. I mean, the name’s right there in the prompt.

So we go on Youtube and look for a video from the hacking scene where Hugh Jackman is forced at gunpoint to perform an impossible hack.

Now, since we are told to ‘ssh’ into a system. Let’s look out for usernames and ip addresses. Right before the point where Hugh is successful, the scene focuses on these two screens:

IP Addresses Usernames

So, ‘admin’ stands out like a sore thumb and for the IP address… what do we have here? 312.5.125.233? That does look like a not so reachable IP…

[email protected]:~$ ssh [email protected]
 flag{H4ll3_B3rry's_t0pl3ss_sc3n3_w4s_4ls0_n0t4bl3}

Success :)

Flag: flag{H4ll3_B3rry’s_t0pl3ss_sc3n3_w4s_4ls0_n0t4bl3}

Leave a Comment