Simulated shell environment lets you pretend to be Hugh Jackman in Swordfish.
This one was pretty funny and we were the first team to solve it :D (yay 8 breakthrough points!). Let’s connect to the service to check it out.
$ nc interview.polictf.it 80 <... massive ascii art snip ...> [email protected]:~$ help A very hard interview: Codename Blow...Fish Maybe you can help me with something... DOD d-base, 128 bit encryption....What do you think? Maybe slide in a Trojan horse hiding a worm... I have been told that best "crackers" in the world can do it 60 minutes, unfortunately i need someone who can do it in 60 seconds... naturally with the right incentives ;) If you know what I mean, tell me how a real cracker accesses to a remote super protected server... Possible commands: hacker: Write code as a real hacker help: Give informations about the program hint: Gives a little hint exit: Loser...bye Bye ssh: A tiny ssh command date: A very useful and innovative feature [email protected]:~$ hint usage: ssh [email protected] username: THE username address: a not so easily reachable IP address Very simple...isn't it? [email protected]:~$ date Sun Jul 12 14:25:15 CEST 2015 [email protected]:~$ exit Loser...bye Bye
After a huge ASCII art display, we are dropped into a shell. Nothing normal (ls, cat, id, etc) is available however we can use the command ‘help’ to list what we can do. Here’s a summary of the commands:
- hacker - basically a version of HackerTyper on the terminal except it’s going by itself
- help - this help
- hint - tells you to use ssh, presumably to get the flag
- exit - exits the shell, and insults you in the process
- ssh - what we are supposed to use to get the flag
- date - prints the ‘current’ date (not really)
Now our first lead is the ‘briefing’ at the start of the help: “DOD d-base, 128 bit encryption…. I have been told that best “crackers” in the world can do it 60 minutes, unfortunately i need someone who can do it in 60 seconds… e right incentives”. What does this sound like? The movie Swordfish, of course. I mean, the name’s right there in the prompt.
So we go on Youtube and look for a video from the hacking scene where Hugh Jackman is forced at gunpoint to perform an impossible hack.
Now, since we are told to ‘ssh’ into a system. Let’s look out for usernames and ip addresses. Right before the point where Hugh is successful, the scene focuses on these two screens:
So, ‘admin’ stands out like a sore thumb and for the IP address… what do we have here? 3184.108.40.206? That does look like a not so reachable IP…