Stranger's CTF 2026 - Recovered Logs

Challenge Name: RECOVERED LOGS - HAWKINS NATIONAL LABORATORY
Category: Web
Target: nc 140.245.25.63 8005 (Accessible via curl --http0.9)

1. Description

The challenge provides a Dr. Brenner themed terminal service. Attempts to access via standard curl fail with an HTTP/0.9 error, indicating it’s a raw TCP service or uses a legacy protocol.

2. Analysis

Service Investigation

Connecting to the terminal reveals a restricted menu:

    View Previous Messages (Logs)
    Send Message to Command
    Initiate Upside Down Protocol (Admin)
    Disconnect

Log Analysis

Using option 1 to view logs provides the following critical information: ...

March 27, 2026 · 2 min · dennyabrahamsinaga

Stranger's CTF 2026 - The Fav Controversy

Challenge Name: The Fav Controversy
Category: Web
Target: http://140.245.25.63:8003/

1. Description

The challenge description mentions: “Every time you search for a ‘controversial’ topic, the site whisks you through a series of hidden doorways before showing you a blank result. The flag isn’t at the destination…it’s scattered across the journey itself.” It also hints at checking the browser history.

2. Analysis

Redirection Chain

When a “controversial” search term (like everything, truth, or admin) is entered into the search bar, the server initiates a chain of HTTP 302 redirects instead of directly serving the results. ...

March 27, 2026 · 1 min · dennyabrahamsinaga

Stranger's CTF 2026 - The Gate

Challenge Name: The Gate
Category: Web
Target: http://140.245.25.63:8004/

1. Description

The challenge presents a page with two options: “CHOOSE EARTH” and “CHOOSE UPSIDE”. The hint emphasizes: “It’s not about what you’re asking for, but who is asking and how you’re asking it. Legend says only a ‘Wizard’ knows the true way through.”

2. Analysis

Identification

Who is asking: Initial probes with various methods revealed a hidden header when using the HEAD method.

How you’re asking it: Using curl -I (which sends a HEAD request) to the root or index.php resulted in an interesting response header:

    Error: Access Denied. You are not WizardWill.

This revealed both the required identity (WizardWill) and the fact that the server responds differently to the HEAD method. ...

March 27, 2026 · 1 min · dennyabrahamsinaga