Tags: web cloud 

Rating: 4.7

Original writeup (https://github.com/bl4de/ctf/blob/master/2017/BostonKeyParty_2017/Prudentialv2/Prudentialv2_Cloud_50.md).
LinuskyFeb. 27, 2017, 2:14 a.m.

I am still kinda confused on how you get the values from the pdfs? Do you just get the hex values from the pdf files? But that would be over thousands of bytes and I was getting error messages from the ctf server...


_bl4deMarch 9, 2017, 11:56 p.m.

> Do you just get the hex values from the pdf files?

Yes, that what I've done. You have those files in my GitHub repo, you can just check this on your own if you wish

> But that would be over thousands of bytes

Nope, they have 752 bytes each.

I've opened both files in hex editor, then copy hexadecimal representation of them and put as string in Python script.

If you open any of those files using eg. xxd in Bash, you'll see this (truncated):

bl4de:~/hacking/ctf/2017/BostonKeyParty_2017/Prudentialv2 $ xxd sha1_1.html
00000000: 2550 4446 2d31 2e33 0a25 e2e3 cfd3 0a0a %PDF-1.3.%......
00000010: 0a31 2030 206f 626a 0a3c 3c2f 5769 6474 .1 0 obj.<


_bl4deMarch 9, 2017, 11:57 p.m.


00000020: 6820 3220 3020 522f 4865 6967 6874 2033 h 2 0 R/Height 3
(...)
bl4de:~/hacking/ctf/2017/BostonKeyParty_2017/Prudentialv2 $

So hex values I copied into name and password variables in Python script (also truncated):

# this is copy/paste from Hex editor - two different files with the same SHA1 checksum
name = '255044462D312E33 0A25E2E3 CFD30A0A(...)'

password = '25504446 2D312E33 0A25E2E3 (...)'

I just need to remove spaces and extract every byte prepending them by % to url encode them.

You can see whole files and those extracted bytes in my GH repo (this comment has to be shorter than 3000 chars :/)


garixmartin64Oct. 29, 2018, 10:11 a.m.

<a href="https://google.com">google</a>