Posted on by and filed under Hack.LU 2012.

This problem is not immediately visible. Upon viewing the page for it, this is all you’re given:

Challenge

There are no clues in the source code or anywhere on this page. If you’re discouraged enough to log out, you might decide to look at the source for the login page…

Code

That’s odd. Near the bottom, we see a reference to “http://braaaains.hack.lu/bloody.js”. If we do an nslookup on braaaains.hack.lu, it shows that it only has an ipv6 address:

2002:95:d:21:4a:0:0:1

This address…doesn’t actually work. Through some google-fu, we learn that ipv6 addresses starting with 2002 are “6to4” relay addresses, used to identify ipv4 addresses in the ipv6 universe.

2002:95:d:21:4a:0:0:1

These hex values translate to 149.13.33.74. Entering that address into the browser gives us the login screen for the CTF. So, we need to make sure our request is coming from the “braaaains.hack.lu” subdomain, and try to get the bloody.js page…

HTTP

There’s the key! IcanSmellBigBrainsARRRRR

Credits: Alex Lynch, Jonathan Singer