I2P + JavaScript obfuscation
Version
| Date | Author | Contact | Version | Comment |
|---|---|---|---|---|
| 24/11/2019 | noraj (Alexandre ZANNI) | noraj#0833 on discord | 1.0 | Document creation |
Information displayed for CTF players:
- Name of the challenge / Nom du challenge:
noraj secret zone - Category / Catégorie:
Web - Tags: misc (i2p), web-client (JS), network (i2p), reverse (JS obfuscation)
- Internet: required
- Difficulty / Difficulté: Medium / Moyen
Description
The world is dark, and noraj secret zone is hidden in a dark place.
xgyvm3yn6my4ryhws5p6esd3rony336kqzjkuxpzak6q3nveiiqq.b32.i2p
Flag format: sigsegv{username:password}
author: [noraj](https://pwn.by/noraj/)
Integration
Warning: very long to start the first time.
This challenge require a Docker Engine and Docker Compose.
Builds, (re)creates, starts, and attaches to containers for a service:
$ docker-compose up --build
Add -d if you want to detach the container.
Solving
Author solution
The given commands are for ArchLinux based systems.
- Install i2p:
sudo pacman -S i2pd - Start i2p daemon:
sudo systemctl start i2pd.service - Ask for the site through i2p local proxy:
curl http://xgyvm3yn6my4ryhws5p6esd3rony336kqzjkuxpzak6q3nveiiqq.b32.i2p --proxy http://127.0.0.1:4444or set the proxy in Firefox. - There is an obfuscated JS script:
_.js - Use a JS deobfuscator for a first pass:
- Finish deobfucation manually (see
login.clean.js)
Flag
sigsegv{n0r4j:sdhfisdhfuyehk}
SigSegV2
A web/misc/reverse/network challenge that was available during SigSegV2 CTF (2019).
5 teams on 36 flaged this challenge.