Square CTF 2018 C5: de-anonymization

Analysis

In the .jar file they provided 5 .csv files.

And the online system they described is like this:

Let’s try reset password!

From 1.csv we just searched for the word “captain” and find the email. Note that it starts by “e” letter.

From 2.csv we got the State: Florida.

From 3.csv

From 4.csv, using the income code we extract the street: 4 Magdeline.

From 5.csv

But the email address is eyakubovics9t@… starts by “e”, so the name should be Elyssa.

So far we have:

And from 3.csv, using state and street we already have, I pick the ssn last four digits:   4484

So the data are:

After “Reset Password” button is pressed, this is what we see:

Now we’ll try some password. As described in the link they provided, we should use a new password with a capital letter. Let’s start with Captain street as new Password: Magdeline.

After the submission, in the address bar we have:

T

The flag is:

flag-5ed43dc6356b2b68c689422769952b82

Rispondi

Inserisci i tuoi dati qui sotto o clicca su un'icona per effettuare l'accesso:

Logo di WordPress.com

Stai commentando usando il tuo account WordPress.com. Chiudi sessione /  Modifica )

Google photo

Stai commentando usando il tuo account Google. Chiudi sessione /  Modifica )

Foto Twitter

Stai commentando usando il tuo account Twitter. Chiudi sessione /  Modifica )

Foto di Facebook

Stai commentando usando il tuo account Facebook. Chiudi sessione /  Modifica )

Connessione a %s...

Questo sito utilizza Akismet per ridurre lo spam. Scopri come vengono elaborati i dati derivati dai commenti.