tablet 1 Writeup
Uiuctf 2021
Solved by : thewhiteh4t
- we are given an iPad image in this challenge
- goal was to find a server where the data was exfiltrated
- so a guess was that I will find a server and flag will be present on it
-
following this theory I looked for the string
uiuc.tf
because thats the domain being used in all remote based challengesgrep -rni “uiuc.tf” .
- this is a Sqlite3 database file
- I found SSH private key and other login info required for login
-
SSH login ssh -i id_rsa red@red.chal.uiuc.tf -p 42069
-
the private key is encrypted and the password is actually : ****
-
but on login I got a message that service allows only SFTP connections, so I tried logging in with SFTP
- unlike most ctf challenges flag was not available after login so I downloaded
.bash_history
usingget
command
- and in this location I found a JPG image…
uiuctf{upload_task_only_takes_9_seconds_0bf79b}