This is another lab which does not have much to do with any specific topic of security. Rather, it tests your understanding of Linux and problem-solving ability. In preparation, we should review some basic concepts.
- What is a hash function? What is a cryptographic hash function?
- What are some common uses of a cryptographic hash function?
- What is a (UTF-8) “plaintext” file vs. a “binary” file?
- How do you apply the kill chain methodology to a penetration test?
Be familiar with relevant Linux commands, like ping
, nmap
, and grep
.
The content above contains some dead giveaways on how to solve this week’s challenge. But of course, not everything has been spoiled. What to do when you get stuck? Remember…
Google is your friend!
Your team will be assigned a server, either potato0.local
, potato1.local
, or potato2.local
. These servers (should be) identical. You can SSH into the servers on the default port 22, with the credentials below:
Username: potato
Password: starch
Hints and Clues
- Password to secret HTTPS server is a hash of
groceries/potato.jpg
. The fileoutput.txt
might help you. nmap -p ???
Seeman nmap
ornmap -h
for help.- https://en.wikipedia.org/wiki/Binary_file (read just the first paragraph)