| import certstream | |
| import json | |
| import requests | |
| # Set the webhook_url to the one provided by Slack when you create the webhook at https://my.slack.com/services/new/incoming-webhook/ | |
| WEBHOOK_URL = os.environ["SLACK_WEBHOOK_URL"] | |
| NEEDLE = "coinbase" | |
| # Search for domains with a keyword in them and write the corresponding certificate to a file |
| certstream --json | \ | |
| jq -r '.data | [ (.seen|floor|tostring), (.leaf_cert.all_domains[0]|split(".")|.[-1]), .chain[0].subject.CN, "200", "0" ] | join("|")' | \ | |
| logstalgia -g "Certificate Authorities,CODE=^200,0" --hide-response-code --hide-paddle --path-abbr-depth -1 --no-bounce -s 2 --address-abbr-depth -1 |
Full disclosure: this is the happy path, there were a lot of sad paths with this challenge and many hours spent pulling out my hair to get to the flag. Very cool challenge though!
The first obvious step is to get info on the binary itself, and running it to see what it does.
$ readelf -h ./x96
| import os | |
| import re | |
| from pymongo import MongoClient | |
| from bson.objectid import ObjectId | |
| client = MongoClient() | |
| db = client.db | |
| def get_or_add_user(_id=None, name=None): |