Just as I had found with previous flags, MayUrG0atsBeFr33 and Goats34Milk, I found the flag ML5jVuOCTvMhaG70p0BL by using grep to search through files I had already downloaded:
No special sauce here, just another easy flag worth 20 points. The file I found it in, 10_25_2_165_rexpzo.xml was somewhat interesting. It appeared to be an XML output file from a Nessus scan? I’m not sure. Either way, I probably spent too much time looking through this file than was really necessary. It didn’t occur to me until NOW that the numbers in the filename might have been an IP address worth scanning: 10.25.2.165. I guess I’ll never know.
There were a couple of interesting files found under the same directory: jlaw1.mov and jlaw2.mov (you can download the files I kept from the CTF here). These were media files that I couldn’t find anything significant about. I thought maybe there might be some meta data attached to them that could be a flag, but nothing stood out.
Taking a second look at the now, I wonder if there is anything significant about their titles. One is titled “larry_pie_to_face” and the other “larry_pie”. If you saw these and tried them, I’d be curious to know the results. Running the files through the “file” and “strings” command didn’t reveal anything substantial. I also thought they were too small to hide anything else, so I left them and moved on.
There were MANY more flags to be found on this particular host, which I’ll blog about later. I found this flag early on and moved onto exploring other targets before returning to this host again later and even later on during the competition.