Tubes

Description

Tubes

The internet is a series of tubes...

ssh -i id_uscg uscg@tubes.challs.uscybergames.com

Solution

➜ ssh -i id_uscg uscg@tubes.challs.uscybergames.com
Last login: Wed Jun  5 19:21:55 2024 from 71.77.5.143
-bash-5.0$ ls
README.txt
-bash-5.0$ cat README.txt
   __  _______ ____________
  / / / / ___// ____/ ____/
 / / / /\__ \/ /   / / __
/ /_/ /___/ / /___/ /_/ /
\____//____/\____/\____/

They say the internet is a like a series of tubes...
Some of them are connected to this machine...
And the flag is passing through one...

Many commands were not present so I did recursive ls and filtered manually:

uscg@s4-forensics-tubes:~$ ls -alhR /
/:
total 36K
drwxr-xr-x 9 root root 4.0K Jun  3 00:44 .
drwxr-xr-x 9 root root 4.0K Jun  3 00:44 ..
drwxr-xr-x 2 root root 4.0K Jun  2 21:39 bin
drwxr-xr-x 2 root root 4.0K Jun  2 19:33 dev
drwxr-xr-x 2 root root 4.0K Jun  2 22:48 etc
drwxr-xr-x 3 root root 4.0K Jun  2 21:04 home
drwxr-xr-x 5 root root 4.0K Jun  2 21:56 usr

/bin:
total 1.3M
drwxr-xr-x 2 root root 4.0K Jun  2 21:39 .
drwxr-xr-x 9 root root 4.0K Jun  3 00:44 ..
-rwxr-xr-x 1 root root 1.2M Jun  2 21:31 bash
-rwxr-xr-x 1 root root 139K Jun  2 21:39 ls
 
/home/uscg:
total 24K
drwxr-xr-x 2 root root 4.0K Jun  2 22:57 .
drwxr-xr-x 3 root root 4.0K Jun  2 21:04 ..
lrwxrwxrwx 1 root root    9 Jun  2 21:38 .bash_history -> /dev/null
-rwxr-xr-x 1 root root  220 Jun  2 21:36 .bash_logout
-rwxr-xr-x 1 root root    0 Jun  2 21:18 .bash_profile
-rwxr-xr-x 1 root root 3.7K Jun  2 21:36 .bashrc
-rwxr-xr-x 1 root root  807 Jun  2 21:36 .profile
-rw-r--r-- 1 root root  309 Jun  2 22:05 README.txt

/lib/x86_64-linux-gnu/awk:
total 56K
drwxr-xr-x  2 root root 4.0K Jun  2 22:43 .
drwxr-xr-x 29 root root  20K Jun  2 22:43 ..
-rwxr-xr-x  1 root root  15K Jun  2 22:43 grcat
-rwxr-xr-x  1 root root  15K Jun  2 22:43 pwcat
 
/usr/bin:
total 52K
drwxr-xr-x 2 root root 4.0K Jun  3 00:32 .
drwxr-xr-x 5 root root 4.0K Jun  2 21:56 ..
-rwxr-xr-x 1 root root  43K Jun  2 22:03 cat

/usr/sbin:
total 1.1M
drwxr-xr-x 2 root root  4.0K Jun  2 21:27 .
drwxr-xr-x 5 root root  4.0K Jun  2 21:56 ..
-rwxr-x--- 1 root uscg 1020K Jun  2 21:27 tcpdump

tcpdump is odd to have midst of all tools missing.

Too many packets are being sent back and forth...

uscg@s4-forensics-tubes:~$ tcpdump
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens4, link-type EN10MB (Ethernet), capture size 262144 bytes
19:39:29.889149 IP 192.168.0.2.22 > 212.58.121.95.6500: Flags [P.], seq 3033658429:3033658537, ack 1116792585, win 64032, length 108
19:39:29.889266 IP 192.168.0.2.22 > 212.58.121.95.6500: Flags [P.], seq 108:252, ack 1, win 64032, length 144
19:39:29.889970 IP 192.168.0.2.22 > 212.58.121.95.6500: Flags [P.], seq 252:460, ack 1, win 64032, length 208
19:39:29.890074 IP 192.168.0.2.22 > 212.58.121.95.6500: Flags [P.], seq 460:680, ack 1, win 64032, length 220
19:39:29.890169 IP 192.168.0.2.22 > 212.58.121.95.6500: Flags [P.], seq 680:1012, ack 1, win 64032, length 332
19:39:29.891510 IP 192.168.0.2.22 > 212.58.121.95.6500: Flags [P.], seq 1012:1232, ack 1, win 64032, length 220
19:39:29.892614 IP 192.168.0.2.22 > 212.58.121.95.6500: Flags [P.], seq 1232:1416, ack 1, win 64032, length 184
19:39:29.893803 IP 192.168.0.2.22 > 212.58.121.95.6500: Flags [P.], seq 1416:1600, ack 1, win 64032, length 184
19:39:29.894934 IP 192.168.0.2.22 > 212.58.121.95.6500: Flags [P.], seq 1600:1784, ack 1, win 64032, length 184
19:39:29.940673 IP 66.25.217.209.61210 > 192.168.0.2.22: Flags [.], ack 1829985719, win 515, length 0
19:39:30.082215 IP 212.58.121.95.6500 > 192.168.0.2.22: Flags [.], ack 0, win 64820, length 0
19:39:30.082215 IP 212.58.121.95.6500 > 192.168.0.2.22: Flags [.], ack 252, win 64568, length 0
19:39:30.082216 IP 212.58.121.95.6500 > 192.168.0.2.22: Flags [.], ack 1012, win 65320, length 0
19:39:30.082216 IP 212.58.121.95.6500 > 192.168.0.2.22: Flags [.], ack 1232, win 65100, length 0
19:39:30.082216 IP 212.58.121.95.6500 > 192.168.0.2.22: Flags [.], ack 1600, win 64732, length 0
19:39:30.082286 IP 192.168.0.2.22 > 212.58.121.95.6500: Flags [P.], seq 1784:2144, ack 1, win 64032, length 360
19:39:30.082425 IP 192.168.0.2.22 > 212.58.121.95.6500: Flags [P.], seq 2144:2276, ack 1, win 64032, length 132
19:39:30.082493 IP 192.168.0.2.22 > 212.58.121.95.6500: Flags [P.], seq 2276:2312, ack 1, win 64032, length 36
19:39:30.082524 IP 192.168.0.2.22 > 212.58.121.95.6500: Flags [P.], seq 2312:2444, ack 1, win 64032, length 132
19:39:30.083725 IP 192.168.0.2.22 > 212.58.121.95.6500: Flags [P.], seq 2444:3720, ack 1, win 64032, length 1276
19:39:30.084938 IP 192.168.0.2.22 > 212.58.121.95.6500: Flags [P.], seq 3720:3904, ack 1, win 64032, length 184
19:39:30.086334 IP 192.168.0.2.22 > 212.58.121.95.6500: Flags [P.], seq 3904:4052, ack 1, win 64032, length 148
19:39:30.087843 IP 192.168.0.2.22 > 212.58.121.95.6500: Flags [P.], seq 4052:4200, ack 1, win 64032, length 148
19:39:30.089549 IP 192.168.0.2.22 > 212.58.121.95.6500: Flags [P.], seq 4200:4348, ack 1, win 64032, length 148
19:39:30.090682 IP 192.168.0.2.22 > 212.58.121.95.6500: Flags [P.], seq 4348:4496, ack 1, win 64032, length 148
19:39:30.092011 IP 192.168.0.2.22 > 212.58.121.95.6500: Flags [P.], seq 4496:4644, ack 1, win 64032, length 148
19:39:30.093318 IP 192.168.0.2.22 > 212.58.121.95.6500: Flags [P.], seq 4644:4792, ack 1, win 64032, length 148
19:39:30.095014 IP 192.168.0.2.22 > 212.58.121.95.6500: Flags [P.], seq 4792:4940, ack 1, win 64032, length 148
19:39:30.095113 IP 192.168.0.2.22 > 212.58.121.95.6500: Flags [P.], seq 4940:5124, ack 1, win 64032, length 184
19:39:30.097138 IP 192.168.0.2.22 > 212.58.121.95.6500: Flags [P.], seq 5124:5272, ack 1, win 64032, length 148
19:39:30.098397 IP 192.168.0.2.22 > 212.58.121.95.6500: Flags [P.], seq 5272:5420, ack 1, win 64032, length 148
19:39:30.099681 IP 192.168.0.2.22 > 212.58.121.95.6500: Flags [P.], seq 5420:5568, ack 1, win 64032, length 148
19:39:30.100859 IP 212.58.121.95.6500 > 192.168.0.2.22: Flags [.], ack 1784, win 64548, length 0
19:39:30.100892 IP 192.168.0.2.22 > 212.58.121.95.6500: Flags [P.], seq 5568:5716, ack 1, win 64032, length 148
19:39:30.100983 IP 192.168.0.2.22 > 212.58.121.95.6500: Flags [P.], seq 5716:6004, ack 1, win 64032, length 288
19:39:30.102218 IP 192.168.0.2.22 > 212.58.121.95.6500: Flags [P.], seq 6004:6152, ack 1, win 64032, length 148

After going through some connections I kept focusing on single connections and this one was interesting:

Each packet seems to be sending ascii art line on each packet...

E...8.@.@.A(...........9....
E..&9a@.@.@............9....  ____
E..&9|@.@.@............9.... / ___|
E..&9.@.@.@............9.... \___ \
E..&9.@.@.@............9....  ___) |
E..&9.@.@.@............9.... |____/
E..&:$@.@.?............9....
E..&:6@.@.?............9....  ___
E..&:S@.@.?............9.... |_ _|
E..&:n@.@.?............9....  | |
E..&:y@.@.?............9....  | |
E..&:.@.@.?)...........9.... |___|
E..&; @.@.>............9....
E..&;,@.@.>............9.... __     __
E..&;.@.@.>x...........9.... \ \   / /
E..&<.@.@.=............9....  \ \ / /
E..&<y@.@.=............9....   \ V /
E..&<.@.@.=............9....    \_/
E..&=>@.@.<............9....
E..&=.@.@.<}...........9....  _   _
E..&>   @.@.<............9.... | | | |
E..&>h@.@.;............9.... | | | |
E..&>.@.@.;F...........9.... | |_| |
E..&?P@.@.:............9....  \___/
E..&?.@.@.:............9....
E..&@.@.@.:............9....  ____
E..&@m@.@.9............9.... / ___|
E..&@.@.@.9K...........9.... \___ \
E..&@.@.@.99...........9....  ___) |
E..&A\@.@.8............9.... |____/
E..&A.@.@.8............9....
E..&B.@.@.8............9....   ____
E..&B.@.@.8............9....  / ___|
E..&Bb@.@.7............9.... | |
E..&B.@.@.7Q...........9.... | |___
E..&CF@.@.6............9....  \____|
E..&C.@.@.6r...........9....
E..&C.@.@.6=...........9....   ____
E..&D.@.@.6............9....  / ___|
E..&DM@.@.5............9.... | |  _
E..&D.@.@.5m...........9.... | |_| |
E..&D.@.@.5"...........9....  \____|
E..&EE@.@.4............9....
E..&ES@.@.4............9....    __
E..&EZ@.@.4............9....   / /
E..&E.@.@.4N...........9....  | |
E..&F.@.@.4............9.... < <
E..&Fy@.@.3............9....  | |
E..&F.@.@.3,...........9....   \_\
E..&G   @.@.3............9....  _
E..&G$@.@.2............9.... | |_
E..&G.@.@.2............9.... | __|
E..&G.@.@.2............9.... | |_
E..&H.@.@.2............9....  \__|
E..&H}@.@.1............9....
E..&H.@.@.1c...........9....   ___
E..&I.@.@.1............9....  / _ \
E..&I.@.@.1............9.... | | | |
E..&I.@.@.0............9.... | |_| |
E..&I.@.@.0t...........9....  \___/
E..&J.@.@.0............9....
E..&JV@.@./............9....  _
E..&JY@.@./............9.... | |_
E..&J.@.@./T...........9.... | __|
E..&J.@.@./E...........9.... | |_
E..&J.@.@./>...........9....  \__|
E..&K.@.@./............9....
E..&K7@.@..............9....  _  _
E..&K.@.@..r...........9.... | || |
E..&K.@.@..8...........9.... | || |_
E..&L]@.@.-............9.... |__   _|
E..&L.@.@.-}...........9....    |_|
E..&L.@.@.-C...........9....
E..&M.@.@.-............9....  _
E..&M-@.@.,............9.... | |
E..&Ml@.@.,............9.... | |
E..&M.@.@.,............9.... | |
E..&N.@.@.,............9.... |_|
E..&N6@.@.+............9....
E..&Nv@.@.+............9....  _
E..&N.@.@.+............9.... | |
E..&N.@.@.+M...........9.... | |
E..&O4@.@.*............9.... | |
E..&Oe@.@.*............9.... |_|
E..&O.@.@.*\...........9....
E..&O.@.@.*O...........9....
E..&O.@.@.*C...........9....  _   _
E..&PM@.@.)............9.... | | | |
E..&P.@.@.)j...........9.... | |_| |
E..&P.@.@.)2...........9....  \__, |
E..&P.@.@.)/...........9....  |___/
E..&QR@.@.(............9....
E..&Q.@.@.(............9....
E..&R.@.@.(............9....
E..&RP@.@.'............9....
E..&R.@.@.'r...........9....  _____
E..&R.@.@.'d...........9.... |_____|
E..&S.@.@.'............9....  _
E..&S>@.@.&............9.... | |_
E..&SE@.@.&............9.... | __|
E..&S.@.@.&f...........9.... | |_
E..&S.@.@.&7...........9....  \__|
E..&Tb@.@.%............9....
E..&T.@.@.%X...........9....
E..&U.@.@.%............9....  _   _
E..&U#@.@.$............9.... | | | |
E..&UK@.@.$............9.... | |_| |
E..&U.@.@.$U...........9....  \__,_|
E..&VD@.@.#............9....
E..&Vt@.@.#............9....  _
E..&V.@.@.#;...........9.... | |__
E..&W[@.@."............9.... | '_ \
E..&W.@.@."Q...........9.... | |_) |
E..&X'@.@.!............9.... |_.__/
E..&X.@.@.!............9....
E..&X.@.@.!Q...........9....  _  _
E..&Y0@.@. ............9.... | || |
E..&Y.@.@. q...........9.... | || |_
E..&Y.@.@. j...........9.... |__   _|
E..&Z*@.@..............9....    |_|
E..&ZF@.@..............9....
E..&ZZ@.@..............9....  _
E..&Z.@.@..............9.... | |
E..&[.@.@..............9.... | |
E..&[N@.@..............9.... | |
E..&[.@.@..a...........9.... |_|
E..&[.@.@..2...........9....
E..&[.@.@..#...........9....  _  _
E..&\.@.@..............9.... | || |
E..&\w@.@..............9.... | || |_
E..&\.@.@..?...........9.... |__   _|
E..&]-@.@..............9....    |_|
E..&].@.@..............9....
E..&].@.@..@...........9....
E..&].@.@..-...........9....  _ __
E..&^0@.@..............9.... | '__|
E..&^2@.@..............9.... | |
E..&^5@.@..............9.... |_|
E..&^.@.@..~...........9....
E..&^.@.@..A...........9.... __
E..&^.@.@..;...........9.... \ \
E..&_5@.@..............9....  | |
E..&_.@.@..l...........9....   > >
E..&_.@.@..h...........9....  | |
E..&`.@.@..............9.... /_/
E...`$@.@..............9....
E...`+@.@..............9....
E...`@@.@..............9....

  ____     ___   __     __   _   _    ____      ____    ____       __    
 / ___|   |_ _|  \ \   / /  . | | |  / ___|    / ___|  / ___|     / /    
 \___ \    | |    \ \ / /   | | | |  \___ \   | |     | |  _     | |     
  ___) |   | |     \ V /    | |_| |   ___) |  | |___  | |_| |   < <      
 |____/   |___|     \_/      \___/   |____/    \____|  \____|    | |     
                                                                  \_\
._       ___    _     _  _      _    _   _   _                          
| |_    / _ \  | |_  | || |    | |  | | | | | |                          
| __|  | | | | | __| | || |_   | |  | | | |_| |                          
| |_   | |_| | | |_  |__   _|  | |  | |  \__, |                          
 \__|   \___/   \__|    |_|    |_|  |_|  |___/    |_____|                

 _              _       _  _      _    _  _            __                
| |_   _   _   | |__   | || |    | |  | || |    _ __   \ \               
| __| | | | |  | '_ \  | || |_   | |  | || |_  | '__|   | |              
| |_  | |_| |  | |_) | |__   _|  | |  |__   _| | |       > >             
 \__|  \__,_|  |_.__/     |_|    |_|     |_|   |_|      | |              
                                                       /_/    

SIVUSCG{t0t4lly_tub4l4r}

Flag: SIVUSCG{t0t4lly_tub4l4r}

PreviousSpreading Out NextTiming is Everything

Last updated 8 months ago

hashtagDescription

hashtagSolution

Description

Solution