n00bz Level 9

Hacking for n00bz – Level 9

Level 9 shows a login page, the first thing I do is to view the page source… nothing fishy. What about the cookies? Using Firebug, I checked cookies and for a moment, I thought I see something interesting, a cookie named “lpv12882” which contains a base64 encoded string.

n00bz Level 9

However, upon decoding, I see that it is just the page URL of level 9, which is the challenge we are trying to solve now.

Back to square one, but don’t give up just yet. We can always try harder!

n00bz Level 9

Since the login form mentioned the system name, “Cisco IDS Web Login System”, let’s perform a Google search to see what is its default password.

You can easily find websites which shows you the default passwords for various products, in this case, the Cisco IDS. Based on the website, it seems like we can try following default login,

Username: root
Password: attack

We did it! There, we have the key now. But how do we crack it?

n00bz Level 9

You can try many different methods, trial and error. In this case, if you look carefully, the last 7 letters in the string looks familiar, very familiar… “infosec”, perhaps?

If you run the string “ssaptluafed_sigalf_cesofni” in a string-reverse tool, you will get the flag, “infosec_flagis_defaultpass

Back to write-up list for InfoSec Institute CTF #1: Hacking for n00bz

One Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.