30 March 2023

Pentesting Fun Stuff

following the cyber security path…

SpyderSec: Challenge




You are looking for two flags. Using discovered pointers in various elements of the running web application you can deduce the first flag (a downloadable file) which is required to find the second flag (a text file). Look, read and maybe even listen. You will need to use basic web application recon skills as well as some forensics to find both flags.
Level: Intermediate


└──╼ $sudo nmap -A -T4 -sV -p-
Starting Nmap 7.25BETA1 ( https://nmap.org ) at 2016-09-07 14:41 CEST
Nmap scan report for
Host is up (0.00028s latency).
Not shown: 65533 filtered ports
22/tcp closed ssh
80/tcp open http Apache httpd
|_http-server-header: Apache
|_http-title: SpyderSec | Challenge
MAC Address: 08:00:27:56:11:10 (Oracle VirtualBox virtual NIC)
Device type: general purpose
Running: Linux 2.6.X|3.X
OS CPE: cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:3
OS details: Linux 2.6.32 - 3.13
Network Distance: 1 hop

Just like the description said. I need to focus on the website at port 80.
I let dirb run to get some information about possible pages.

└──╼ $dirb
---- Scanning URL: ----
+ (CODE:200|SIZE:1150)
+ (CODE:200|SIZE:8883)

Not an awful lot.
When I look at the source code there is some obfuscated javascript. After running it through http://jsbeautifier.org/ and decoded the hex output, the final result was: alert(‘mulder.fbi’);
The truth is out there……mulder.fbi. It looks like this boot2root has a X-Files theme.
From the site I examined 2 pictures. 1 of them had an interesting comment.


When I looked at the HTML headers I saw that the site loaded some cookie which looked an awful lot like an URL. Especially because it begins with the /v/ folder dirb found earlier.
When I add mulder.fbi to the string, I get a file to download.

Music to my ears

The mulder.fbi file was a mp4 file with a song from The Platters. I examined the file but I couldn’t find anything odd about it. I did however still had that password-like string from before. Steganography came to mind. But how with a mp4? A search on Google did the trick. I searched for a way to extract a file from a video by means of steganography and tried different tools. But they all reported that the video file in question didn’t had a concealed file within. After some additional searching I stumbled onto a site explaining what was another possibility.

Final flag

Because Truecrypt was replaced by Veracrypt, I used this program to extract the file from the mp4 file.
After mounting the file I got the final flag.

You are a winner.
Please leave some feedback on your thoughts regarding this challenge… Was it fun? Was it hard enough or too easy? What did you like or dislike, what could be done better?


It was a small challenge but still I needed time to discover the solution to the final conundrum.
Fun to do with some new stuff to learn on my part.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.