ImaginaryCTF 2023 – Web

Authors
  • Lumy

Web

We recovered this file from the disk of a potential threat actor. Can you find out what they were up to?

Table of Contents

  1. Source
  2. Solution

Source

The challenge gives us a zip file: web.zip

Inside the zip file is a dump of a Firefox browser's data.

Solution

We can use firefed, a tool for Firefox profile analysis, data extraction, forensics and hardening, to list the saved logins and the browsing history:

┌──(kali㉿kali)-[~/Downloads/firefed/.mozilla/firefox]
└─$ firefed -p 8ubdbl3q.default logins
Host                    Username  Password
----------------------  --------  --------------------------------------------------
https://yoteachapp.com            UeMBYIbgPqNiSWzOVguTbccMOnLirDoEGTjgiqNrbOvwzynbyN
┌──(kali㉿kali)-[~/Downloads/firefed/.mozilla/firefox]
└─$ firefed -p 8ubdbl3q.default history
https://support.mozilla.org/products/firefox
    Title:      None
    Last visit: 1969-12-31 19:00:00
    Visits:     0

https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-browser&utm_medium=default-bookmarks&utm_campaign=customize
    Title:      None
    Last visit: 1969-12-31 19:00:00
    Visits:     0

https://www.mozilla.org/contribute/
    Title:      None
    Last visit: 1969-12-31 19:00:00
    Visits:     0

https://www.mozilla.org/about/
    Title:      None
    Last visit: 1969-12-31 19:00:00
    Visits:     0

https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaign=new-users&utm_content=-global
    Title:      None
    Last visit: 1969-12-31 19:00:00
    Visits:     0

https://www.mozilla.org/privacy/firefox/
    Title:      None
    Last visit: 2023-07-09 18:45:43
    Visits:     1

https://www.mozilla.org/en-US/privacy/firefox/
    Title:      Firefox Privacy Notice — Mozilla
    Last visit: 2023-07-09 18:45:45
    Visits:     1

https://www.google.com/search?channel=fs&client=ubuntu-sn&q=wordle
    Title:      wordle - Google Search
    Last visit: 2023-07-09 18:46:27
    Visits:     1

https://www.nytimes.com/games/wordle/index.html
    Title:      Wordle - The New York Times
    Last visit: 2023-07-09 18:46:51
    Visits:     1

https://www.google.com/search?channel=fs&client=ubuntu-sn&q=quordle
    Title:      quordle - Google Search
    Last visit: 2023-07-09 18:50:54
    Visits:     1

https://www.merriam-webster.com/games/quordle/
    Title:      None
    Last visit: 2023-07-09 18:50:56
    Visits:     1

https://www.merriam-webster.com/games/quordle/#/
    Title:      Quordle
    Last visit: 2023-07-09 18:50:57
    Visits:     1

http://yoteachapp.com/supersecrethackerhideout
    Title:      None
    Last visit: 2023-07-09 18:52:17
    Visits:     1

https://yoteachapp.com/setup/64ab39b5b13dfb00148ea72f?roomID=64ab39b5b13dfb00148ea72f&redirect=%2Fsupersecrethackerhideout
    Title:      PALMS Backchannel Chat | The new alternative to Todaysmeet
    Last visit: 2023-07-09 18:52:24
    Visits:     1

https://yoteachapp.com/password/64ab39b5b13dfb00148ea72f
    Title:      PALMS Backchannel Chat | The new alternative to Todaysmeet
    Last visit: 2023-07-09 18:53:15
    Visits:     1

https://yoteachapp.com/supersecrethackerhideout
    Title:      PALMS Backchannel Chat | The new alternative to Todaysmeet
    Last visit: 2023-07-09 18:53:53
    Visits:     2

https://www.google.com/search?channel=fs&client=ubuntu-sn&q=chatgpt+jailbreak
    Title:      chatgpt jailbreak - Google Search
    Last visit: 2023-07-09 18:55:29
    Visits:     1

https://gist.github.com/coolaj86/6f4f7b30129b0251f61fa7baaa881516
    Title:      ChatGPT-Dan-Jailbreak.md · GitHub
    Last visit: 2023-07-09 18:55:36
    Visits:     1

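The history shows a visit to a secret room at https://yoteachapp.com/supersecrethackerhideout, and the saved logins hold a password for the same site. Accessing the secret room URL with the recovered password gives us the flag.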

Flag : ictf{behold_th3_forensics_g4untlet_827b3f13}
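
The correlation done by eye above (saved-login host against visited URLs) can be scripted. This is an added example, not part of the original write-up and not firefed's code: it queries the `moz_places` table of a Firefox `places.sqlite` with Python's `sqlite3`. The function names, the in-memory sample database and its timestamps are constructed for illustration.

```python
import sqlite3
from datetime import datetime, timezone
from urllib.parse import urlsplit

def visited_history(conn):
    """Return (utc_time, visits, url) for pages actually visited, oldest first."""
    rows = conn.execute(
        "SELECT url, visit_count, last_visit_date FROM moz_places "
        "WHERE visit_count > 0 AND last_visit_date IS NOT NULL "
        "ORDER BY last_visit_date")
    # last_visit_date is PRTime: microseconds since the Unix epoch (UTC).
    # Never-visited default bookmarks are filtered out; a "1969-12-31 19:00:00"
    # timestamp is simply epoch 0 rendered in a UTC-5 local zone.
    return [(datetime.fromtimestamp(t / 1_000_000, tz=timezone.utc), n, url)
            for url, n, t in rows]

def history_for_login_hosts(conn, login_origins):
    """Visited URLs whose host has a saved login, matched regardless of scheme."""
    hosts = {urlsplit(o).hostname for o in login_origins}
    return [row for row in visited_history(conn)
            if urlsplit(row[2]).hostname in hosts]

def prtime(*utc):
    """Helper for the constructed sample: UTC wall time -> PRTime."""
    return int(datetime(*utc, tzinfo=timezone.utc).timestamp()) * 1_000_000

def build_sample_db():
    """Constructed stand-in for places.sqlite (only the columns used here)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE moz_places (url TEXT, title TEXT, "
                 "visit_count INTEGER, last_visit_date INTEGER)")
    conn.executemany("INSERT INTO moz_places VALUES (?, ?, ?, ?)", [
        ("https://www.mozilla.org/about/", None, 0, None),
        ("https://www.nytimes.com/games/wordle/index.html",
         "Wordle - The New York Times", 1, prtime(2023, 7, 9, 22, 46, 51)),
        ("http://yoteachapp.com/supersecrethackerhideout",
         None, 1, prtime(2023, 7, 9, 22, 52, 17)),
        ("https://yoteachapp.com/supersecrethackerhideout",
         "PALMS Backchannel Chat", 2, prtime(2023, 7, 9, 22, 53, 53)),
    ])
    return conn

if __name__ == "__main__":
    # On real evidence, work on a copy and open it read-only:
    #   sqlite3.connect("file:places.sqlite?mode=ro", uri=True)
    for ts, visits, url in history_for_login_hosts(
            build_sample_db(), ["https://yoteachapp.com"]):
        print(ts.isoformat(), visits, url)
```

Matching on hostname rather than full origin matters here: the first visit to the room was over `http://`, while the saved login is recorded for the `https://` origin.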