Tuesday, March 4, 2014

DEFKTHON CTF 2014 - Crack Ajin's message. - Recon 250 Write-up

This was a new type of challenge for us and was really fun :D
We were given a message when we open it we are welcomed by a "mail" encrypted by Mailvelope v0.7.0. We googled for it and came across addons, installed one compatible with our browser and moved on to message again by adding paste.bin to add-ons site's. When we tried to decrypt, it wanted a key file and also a password -which we don't have :( -for now :)))-.
To find the key file and password google'd again Ajin Abraham as mentioned in challenge page. We came across to his personal page! The best thing we could wish! We searched the page and at the end of the HTML file we found a commented line:
<!--pastebin DOT com/TYHfKbtt-->
Let's go for the link! And ta-daa there is the key file! But wait a second we still don't have the passphrase :( lets keep looking for it. We searched the personal page again and see something interesting.
<p id="mail-failure">Unable to send your email! (--wankoff--)</p> 
What this wankoff could be? Can it be our passphrase :))) OF COURSE IT IS!!
Now, we have all the things necessary lets decrypt the mail!

And badumtisss:
 flag { Pretty007G00d007Privacy }

No comments:

Post a Comment