VULNCON CTF 2020 - can_you_c_the_password? writeup

less than 1 minute read

Description:

Decrypt the password and submit it as the flag!

Chall file

Author - maniac

Solution

This is a chall about the Active Directory’s Group Policy Preferences. It is a Windows feature that allows sysadmins to configure machines remotely. It is vulnerable because the password can be easily recovered by an attacker.

The file Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/MACHINE/Preferences/Groups/Groups.xml contains a field cpassword="HlQWFdlPXQTU7n8W9VbsVTP245DcAJAUQeAZZfkJE/Q8ZlWgwj7CqKl6YiPvKbQFO7PWS7rSwbVtSSZUhJSj5YzjbkKtyXR5fP9VQDEieMU", which is the crypted password that we want.

I used gp3finder to decrypt it, which yields:

vulncon{s3cur1ty_h4s_3volv3d_s0__much}

Twitter Facebook LinkedIn

Víctor Cora Colombo

VULNCON CTF 2020 - can_you_c_the_password? writeup

Description:

Solution

You May Also Enjoy

Creating my own /dev/null

Linux kernel QEMU setup

Linux Kernel stuck in QEMU: Decompressing Linux… Parsing ELF… forever

Spread operator leading to XSS