15 March 2021
HydraulicChallenge Source: NahamCon CTF 2021
Challenge Category: mission
Author: @JohnHammond#6971 This is Stage 2 of Path 5 in The Mission. After solving this challenge, you may need to refresh the page to see the newly unlocked challenges. Gain access with the information you have gathered thus far and retrieve the flag. You may bruteforce this challenge... hence the name ;) Press the Start button on the top-right to begin this challenge.
- Once finding new website directory structure via Lyra’s Twitter page and poking around a bit, we find http://constellations.page/constellations-documents/5/ with lists of user names and default passwords:
CONSTELLATIONS Default Account Passwords INTERNAL: this should not be shared outside of the org Personnel Names User accounts following the naming convention of lowercase firstname. orion pavo gus vela hercules leo lyra gemini Default Passwords starstar allstars starstruck starshine starsky popstars starship bluestars pinkstars superstars ilovestars rockstars thestars starscream gostars shootingstars northstars alpinestars starsign moonandstars starsrock luckystars iluvstars fivestars redstars mystars lovestars dallasstars moonstars sunmoonstars starsailor silverstars sevenstars lilstars dotaallstars sunstars starsun starsstars starsareblind pokerstars magicstars divastars blackstars starstarstar starsearch luvstars greenstars deathstars brightstars twinstars starsinthesky starshooter starsha threestars summerstars starspirit starshollow starsandstripes starsandmoons nightstars metrostars icstars hoodstars deadstars citystars
- We can copy/paste these lists into separate files, then feed them into Hydra:
- After this, it’s just a matter of loading the instance, logging in with these credentials via SSH and grabbing the flag in the user’s home directory.