Sunday, July 12, 2015

PoliCTF 2015 - Hard Interview (50)

This one had no description, just a server & port number:
interview.polictf.it:80

This is the initial screen:
        ____                                     __                              __
        /\  _`\                                  /\ \__                          /\ \__
        \ \ \/\ \     __   _____      __     _ __\ \ ,_\   ___ ___      __    ___\ \ ,_\
         \ \ \ \ \  /'__`\/\ '__`\  /'__`\  /\`'__\ \ \/ /' __` __`\  /'__`\/' _ `\ \ \/
          \ \ \_\ \/\  __/\ \ \L\ \/\ \L\.\_\ \ \/ \ \ \_/\ \/\ \/\ \/\  __//\ \/\ \ \ \_
           \ \____/\ \____\\ \ ,__/\ \__/.\_\\ \_\  \ \__\ \_\ \_\ \_\ \____\ \_\ \_\ \__\
            \/___/  \/____/ \ \ \/  \/__/\/_/ \/_/   \/__/\/_/\/_/\/_/\/____/\/_/\/_/\/__/
                             \ \_\
                              \/_/
                     ___      ____               ___
                   /'___\    /\  _`\           /'___\
              ___ /\ \__/    \ \ \/\ \     __ /\ \__/   __    ___     ____     __
             / __`\ \ ,__\    \ \ \ \ \  /'__`\ \ ,__\/'__`\/' _ `\  /',__\  /'__`\
            /\ \L\ \ \ \_/     \ \ \_\ \/\  __/\ \ \_/\  __//\ \/\ \/\__, `\/\  __/
            \ \____/\ \_\       \ \____/\ \____\\ \_\\ \____\ \_\ \_\/\____/\ \____\
             \/___/  \/_/        \/___/  \/____/ \/_/ \/____/\/_/\/_/\/___/  \/____/


____ ____ ____ ___ ____ _ ____ ___ ____ ___     ____ ____ ____ ____ ____ ____    ____ _  _ _    _   _
|__/ |___ [__   |  |__/ | |     |  |___ |  \    |__| |    |    |___ [__  [__     |  | |\ | |     \_/
|  \ |___ ___]  |  |  \ | |___  |  |___ |__/    |  | |___ |___ |___ ___] ___]    |__| | \| |___   |


fish@sword:~$

Looks like a basic shell, probably watered down to a few commands.

fish@sword:~$ help

 A very hard interview: Codename Blow...Fish
Maybe you can help me with something...
DOD d-base, 128 bit encryption....What do you think?
Maybe slide in a Trojan horse hiding a worm...
I have been told that best "crackers" in the world can do it 60 minutes, unfortunately i need someone who can do it in 60 seconds... naturally with the right incentives ;)
If you know what I mean, tell me how a real cracker accesses to a remote super protected server...

Possible commands:
      hacker: Write code as a real hacker
        help: Give informations about the program
        hint: Gives a little hint
        exit: Loser...bye Bye
         ssh: A tiny ssh command
        date: A very useful and innovative feature


As we can see in the help, we have a few options, the most interesting being hacker, ssh and date.
Hacker does nothing but read from arbitrary files and print the contents back to the client.
Date doesn't appear to do anything very interesting.
SSH behaves in some interesting ways, highlighted below:

Trying a few users:
fish@sword:~$ ssh fish@127.0.0.1
 ... Username not found
... Address not reachable
fish@sword:~$

fish@sword:~$ ssh root@127.0.0.1
 ... Username not found
... Address not reachable

fish@sword:~$ ssh admin@127.0.0.1
 ... Username found
... Address not reachable

Unfortunately all addresses are unreachable :(



But it seems that "admin" is the username.
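
The separate "Username found" / "Username not found" lines are what give the account name away, whatever the address. The following is an added example, not part of the original write-up or the challenge's code: a constructed Python model of the ssh command next to a variant that answers uniformly, plus a self-test that lists which names a handler lets a client tell apart. The function names, the empty reachable-host set and the "Connected" / "Connection failed" messages are assumptions.

```python
# Constructed model of the challenge's "ssh" command (not the real service code).
VALID_USERS = {"admin"}   # the one account the transcript above reveals
REACHABLE_HOSTS = set()   # assumption: no host is reachable in this model


def ssh_verbose(target):
    """Answer like the transcript: user check and host check reported separately."""
    user, _, host = target.partition("@")
    user_msg = "... Username found" if user in VALID_USERS else "... Username not found"
    host_msg = "... Address reachable" if host in REACHABLE_HOSTS else "... Address not reachable"
    return user_msg + "\n" + host_msg


def ssh_uniform(target):
    """Hardened variant: a single generic failure unless both checks pass.
    Both message strings are hypothetical."""
    user, _, host = target.partition("@")
    if user in VALID_USERS and host in REACHABLE_HOSTS:
        return "... Connected"
    return "... Connection failed"


def distinguishable_users(ssh, candidates, host="127.0.0.1"):
    """Self-test for a login handler: list the candidates whose response
    differs from the response to a name that cannot exist."""
    baseline = ssh("no-such-user-0000@" + host)
    return [u for u in candidates if ssh(u + "@" + host) != baseline]


if __name__ == "__main__":
    names = ["fish", "root", "admin"]  # the three names tried above
    print("verbose:", distinguishable_users(ssh_verbose, names))
    print("uniform:", distinguishable_users(ssh_uniform, names))
```

Identical messages remove only the content signal; a handler can still leak account validity through response timing.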
After trying a few IPs, it started to look like we should search somewhere else. Maybe we should look for the original Swordfish footage?

Here's a link to the original scene - https://www.youtube.com/watch?v=zfy5dFhw3ik

Let's play through it with the YouTube playback speed set to 0.25, so that we can watch all the terminal activity.
You may notice that around 96-97s in, the IP addresses show up: https://youtu.be/zfy5dFhw3ik?t=96

213.225.312.5
312.5.125.233

Let's try each with the ssh utility.

fish@sword:~$ ssh admin@213.225.312.5

 ... Username found
... Address reachable

Looks like the first one works, but it's not enough. Let's try the second.
fish@sword:~$ ssh admin@312.5.125.233

 flag{H4ll3_B3rry's_t0pl3ss_sc3n3_w4s_4ls0_n0t4bl3}



flag{H4ll3_B3rry's_t0pl3ss_sc3n3_w4s_4ls0_n0t4bl3}

There we go, a nice flag to wrap up a very nostalgic challenge.


P.S. The glitch-art took longer than the Challenge :D