ASIS CTF 2016 - Angrymin - Misc Challenge

Reading time ~1 minute


Guest post by team member 0pc0d3 today, thanks Opc0d3 damn that name is hard to type.

Firstly, we check the firewall. However, the URL does not resolve to an address.


So let’s have a look at the documents and manuals that the angry admin backed up.


Unpacking it, we can see that the document allows us to identify the firewall is a Juniper firewall and the version could be around 6.3.0, which is vulnerable to CVE-2015-7755. This vulnerability pertains to a backdoor password in ScreenOS. However, we will need to find the firewall.

Running the “host” command, we can see that the firewall is using IPv6. has IPv6 address 2406:d501::613c:a652

We quickly spin up a DO Droplet with an IPv6 interface allows us to reach out to our firewall.

root@angry:~# nmap -A -T4 -6 2406:d501:0:0:0:0:613c:a652

Starting Nmap 6.40 ( ) at 2016-05-07 07:22 EDT
Warning: 2406:d501::613c:a652 giving up on port because retransmission cap hit (6).
Nmap scan report for 2406:d501::613c:a652
Host is up (0.22s latency).
Not shown: 992 closed ports
22/tcp  open     ssh        OpenSSH 6.0p1 Debian 4+deb7u1 (protocol 2.0)
| ssh-hostkey: 1024 26:c5:a6:f3:68:fc:12:86:65:2b:8e:2b:cc:a0:62:2b (DSA)
|_2048 77:03:0f:db:66:9e:22:f7:d1:91:36:66:d6:0d:5e:9a (RSA)

Now all we need to do is SSH into the firewall, use the backdoor password <<< %s(un='%s') = %u and we’re at the home stretch. However, the user names “root” nor “system” did not work. After trying several expected user names, we go back hunting for a valid username. The last piece of our puzzle.

We then realized that tar keeps a record of the username of the archive’s creator, and via the “-t” parameter, we found the user name we needed.


Our elusive username is craigswright.


Flag: ASIS{wh0_1n_h15_r16h7_m1nd_w0uld_b3l13v3_cr416_wr16h7_15_54705h1_n4k4m070}

DeadFace CTF: Lytton Labs Cryptoware 1

Another great CTF this week with a lot of variety of challenges and very helpful admins. For the second week in a row I'm writing about a...… Continue reading

DigitalOverdose: Time

Published on October 10, 2021

TamilCTF: Ransomware

Published on September 28, 2021