Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/noraj/sigsegv2.misc_5

A web/misc/reverse/network challenge that was available during SigSegV2 CTF (2019)
https://github.com/noraj/sigsegv2.misc_5

challenge ctf eepsite i2p javascript misc network obfuscation reverse rtfm sigsegv2 web

Last synced: 12 days ago
JSON representation

A web/misc/reverse/network challenge that was available during SigSegV2 CTF (2019)

Host: GitHub
URL: https://github.com/noraj/sigsegv2.misc_5
Owner: noraj
License: mit
Created: 2019-12-03T23:15:14.000Z (almost 5 years ago)
Default Branch: master
Last Pushed: 2022-06-20T17:42:33.000Z (over 2 years ago)
Last Synced: 2024-05-01T15:37:49.051Z (7 months ago)
Topics: challenge, ctf, eepsite, i2p, javascript, misc, network, obfuscation, reverse, rtfm, sigsegv2, web
Language: HTML
Homepage:
Size: 31.3 KB
Stars: 0
Watchers: 3
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

        # I2P + JavaScript obfuscation

## Version

Date        | Author                  | Contact               | Version | Comment

---         | ---                     | ---                   | ---     | ---

24/11/2019  | noraj (Alexandre ZANNI) | noraj#0833 on discord | 1.0     | Document creation

Information displayed for CTF players:

+ **Name of the challenge** / **Nom du challenge**: `noraj secret zone`

+ **Category** / **Catégorie**: `Web`

+ **Tags**: _misc_ (i2p), _web-client_ (JS), _network_ (i2p), _reverse_ (JS obfuscation)

+ **Internet**: required

+ **Difficulty** / **Difficulté**: Medium / Moyen

### Description

```

The world is dark, and noraj secret zone is hidden in a dark place.

xgyvm3yn6my4ryhws5p6esd3rony336kqzjkuxpzak6q3nveiiqq.b32.i2p

Flag format: sigsegv{username:password}

author: [noraj](https://pwn.by/noraj/)

```

# Integration

**Warning**: very long to start the first time.

This challenge require a Docker Engine and Docker Compose.

Builds, (re)creates, starts, and attaches to containers for a service:

```

$ docker-compose up --build

```

Add `-d` if you want to detach the container.

## Solving

### Author solution

The given commands are for ArchLinux based systems.

1. Install i2p: `sudo pacman -S i2pd`

2. Start i2p daemon: `sudo systemctl start i2pd.service`

3. Ask for the site through i2p local proxy: `curl http://xgyvm3yn6my4ryhws5p6esd3rony336kqzjkuxpzak6q3nveiiqq.b32.i2p --proxy http://127.0.0.1:4444` or set the proxy in Firefox.

4. There is an obfuscated JS script: `_.js`

5. Use a JS deobfuscator for a first pass:

  * https://lelinhtinh.github.io/de4js/

  * http://www.jsnice.org/

  * http://deobfuscatejavascript.com/

6. Finish deobfucation manually (see `login.clean.js`)

## Flag

`sigsegv{n0r4j:sdhfisdhfuyehk}`

## SigSegV2

A web/misc/reverse/network challenge that was available during SigSegV2 CTF (2019).

5 teams on 36 flaged this challenge.