web50 : RFC 7230 :: EKOPARTY CTF 2016

Key Takeaways

Hello everybody and welcome back to another video. Uh my name is John Hammond and I'm showcasing some more of the really simple and small challenges from the Echo Party or Eco Party CTF for 2016. I honestly still don't know how to pronounce the name of the CTF. I prefer Echo Party, but whatever. Uh I want to show off web 50. I again I haven't solved a whole lot of challenges. Um and these are all the simple ones and the small ones that I have, but I want to showcase them and and give them to you. So this one is asking to uh get get just the basic information from the server and the CTFchopart.org. Uh the challenge title is RFC7230. We could if we wanted to Google that and figure out what it is. You can see I have visited this page already. And it looks like it's just a simple page or RFC defining what the hypertext transfer protocol or HTTP is. So, I read through this and it didn't particularly give me a whole lot of uh of of hints and a and a good lead anywhere, but I I continued to move on and I actually tried to throw some simple like reconnaissance and web application uh testing stuff like tools at the URL and I actually ended up doing it with Nikto. But I we're trying to keep like a list of the tools that we end up using. So, I want to show that to you. It should be public. So, USGA tools and there's a list of some stuff that I try to archive. Um, and one of them that we have on there is NATO, but it's under the reconnaissance uh utility. Uh, and the same thing with Netcraft, which apparently a friend of mine solved this challenge by using Netcraft. So, I'll showcase that too. But you can use neto a terminal here and you can specify the host-H and we'll specify htt echo party and you'll see immediately it finds some information and in our case okay the server area that that that information field is does have our flag in it echo this is my great server. So super easy again you just kind of take advantage of using the tool and doing some simple reconnaissance on the on the web server on the web page. Um but again we could do that with Netcraft just like uh I had noted in our archive of tools here and a friend of mine told me that he solved it this way. So you can supply the URL that you want to give it and it can do a little bit of scanning eventually in the SSSL sorry SSL portion it does find oh the server here the flag again you can see the flag format echo this is my great server so you would go ahead and be able to submit that get your 50 points and you'd be rolling but wanted to showcase it to you simple stuff I just use the neto tool and netcraft it does some good reconnaissance and finds what we need in our case the lag. So, all righty. Thanks again for watching, guys. I hope to show you some more stuff. Again, simple, but I want to showcase it off to you uh in a later video. Talk to you soon.